Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Losing focus plus other problems - HiJack this included

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Losing focus plus other problems - HiJack this included

Unread postby massimo_01 » December 27th, 2006, 12:03 pm

I have been having a couple of problems with my computer. I keep losing focus on windows, other windows will pop up on top of the one I am working on (not internet pop-ups) and folders take a long time to open up. I ran Spybot, SpySweeper, AdAware, and TrojanHunter and removed some, but I am still having problems. Any help is appreciated!

Thanks alot!

Logfile of HijackThis v1.99.1
Scan saved at 10:56:16 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dlg\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\osa9.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\kdx\KHost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = exodus3.mke.ra.rockwell.com:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Office SturtUp] C:\WINDOWS\osa9.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EService] "C:\Program Files\Common Files\System\EService\svchost.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DirectX Service (DirectQyvb) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm
Advertisement
Register to Remove

Unread postby Susan528 » December 27th, 2006, 1:15 pm

Hello massimo_01 and Welcome to MalwareRemoval,

STEP 1.
======
Please show all files for your system.
You will need to reverse this process when all steps are done.


Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\WINDOWS\system32\dlg\ctfmon.exe

Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

Please also check the properties of those files (right-click and select properties from the popupmenu). Look if you can find some company information, etc.

STEP 2.
======
You may want to delete the Boonty Games application from your computer because of their lack of privacy policy.
http://www.castlecops.com/startuplist-11474.html
This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent."


STEP 3.
======
Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.
Right click on the SpySweeper icon in your System Tray (near the clock).
From the pop up menu, left click on Shields, this will open the program at the same time.
Click the "Internet Explorer" tab and uncheck the following:
  • IE Favorites Shield
  • IE Security Shield
  • Broswer Helper Object (BHO) Shield
  • IE Hijack Shield
Click the "Windows System Shields" and uncheck the following:
  • Memory Shield
  • Spy Installation Shield
Click the "Startup Programs" tab and uncheck the Startup Items Shield

After all of the fixes are complete it is very important that you enable SpySweeper again.

Disable Trojan Hunter Guard:
Please disable Trojan Hunter Guard, as it may interfere with the fix.
To disable Trojan Hunter Guard:
  • Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
  • Right click it and select settings. Uncheck "Load at startup" and "Enabled"
Once your log is clean you can re-enable Trojan Hunter Guard.

Please set your system to show all files; please see here if you're unsure how to do this.

STEP 4.
======
Stop and Disable Service
  • Go to Start > Run and type in Services.msc then cllick OK
  • Click the Extended tab.
  • Scroll down until you find Service: DirectX Service (DirectQyvb)
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service.
  • Click on 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on ‘Disabled'
  • Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

If you wish to keep the Boonty Games –skip the blue text.
Also repeat the step for Service: Boonty Games – BOONTY

Scan with HijackThis. Place a check against each of the following:
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DirectX Service (DirectQyvb) - Unknown owner - c:\windows\system32\directx.exe (file missing)

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\dlg\ctfmon.exe
C:\Program Files\Common Files\BOONTY Shared\<=folder
c:\windows\system32\directx.exe (file missing)

Exit Explorer, and reboot as normal afterwards.

Post (reply) with the results from Jotti, a fresh HijackThis log and we will take another look.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby massimo_01 » December 27th, 2006, 1:48 pm

Same thing is still happening. Here is the requested info...

Service load:
0% 100%
File: ctfmon.exe
Status:
OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 518fdd6202baa2c225195d78eeebd2fa
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


New log

Logfile of HijackThis v1.99.1
Scan saved at 12:45:59 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\osa9.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = exodus3.mke.ra.rockwell.com:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Office SturtUp] C:\WINDOWS\osa9.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EService] C:\Program Files\Common Files\System\EService\svchost.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby massimo_01 » December 27th, 2006, 2:00 pm

I found C:\Program Files\Common Files\System\EService\svchost.exe on my PC. Looks like this is a virus according to google. I also just noticed my NAV is no longer starting up. Running NAV now...
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby Susan528 » December 27th, 2006, 4:24 pm

http://www.bleepingcomputer.com/startup ... 14718.html
Name: EService
Filename: svchost.exe
Command: C:\Program Files\Common Files\System\EService\svchost.exe
Description: Added by the W32.Mular.A Emule worm. This file should not be confused with the legitimate C:\Windows\System32\svchost.exe file.
File Location: C:\Program Files\Common Files\System\EService\svchost.exe
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.


Yes you are correct. That is a bad file.

How is your Norton Anti-virus doing?


I would like to check some security settings that may have been altered.

Create a new folder on the desktop.
Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save in that new folder on the desktop.

Double click on inspect.bat and let it run.
When finished it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.
Code: Select all
If not exist Files MkDir Files 


regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE 
regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa 
regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole 
regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa 
regedit /e /a files\6.txt HKEY_USERS\DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA 
regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" 
regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center" 
Regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies 
Regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies 
Regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall 
Regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall 
regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters 
regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess 


Copy files\*.txt = lsa.txt 
rmdir /s /q files 
Start Notepad lsa.txt
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby massimo_01 » December 27th, 2006, 5:23 pm

C:\WINDOWS\osa9.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\cservice.exe
C:\RECYCLER\S-1-5-21-1107577088-1979258131-328166375-1526\DC24.exe
C:\WINDOWS\$NtUninstallKB901017$\IEXPLORE.EXE
C:\WINDOWS\system32\drivers\etc\system.exe.tcf

have been detected and deleted by NAV which will run, but won't autostart with my PC anymore. I can fix that, though... Here is a fresh HT & ISA.


Logfile of HijackThis v1.99.1
Scan saved at 4:20:52 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = exodus3.mke.ra.rockwell.com:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe





-------------------------------------------------------------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\$NtUninstallKB901017$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB901017$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\altiris\\aclient\\aclntusr.exe"="C:\\altiris\\aclient\\aclntusr.exe:*:Disabled:aclntusr"
"C:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"="C:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"="C:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe:*:Enabled:RsvcHost.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"="C:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe:*:Enabled:RnaDirServer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"="C:\\Program Files\\Common Files\\Rockwell\\EventServer.exe:*:Enabled:EventServer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"="C:\\Program Files\\Common Files\\Rockwell\\DaClient.exe:*:Enabled:DaClient.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"="C:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"="C:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe"
"C:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"="C:\\Program Files\\Common Files\\Rockwell\\VStudio.exe:*:Enabled:VStudio.exe"
"C:\\WINDOWS\\system32\\OpcEnum.exe"="C:\\WINDOWS\\system32\\OpcEnum.exe:*:Enabled:OPCEnum.exe"
"C:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe"="C:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe:*:Enabled:MERuntime.exe"
"C:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe"="C:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe:*:Enabled:TagSrv.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe:*:Enabled:RSLinxNG.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\CounterMonitor.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\CounterMonitor.exe:*:Enabled:CounterMonitor.exe"
"C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"="C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE:*:Enabled:RSLinx.exe"
"C:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"="C:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe:*:Enabled:OPCTest.exe"
"C:\\Program Files\\TightVNC\\vncviewer.exe"="C:\\Program Files\\TightVNC\\vncviewer.exe:*:Enabled:vncviewer"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\TightVNC\\WinVNC.exe"="C:\\Program Files\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\\WINDOWS\\system32\\drivers\\etc\\system.exe"="C:\\WINDOWS\\system32\\drivers\\etc\\system.exe:*:Disabled:system"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\WINDOWS\\$NtUninstallKB901017$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB901017$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"="C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
"C:\\Program Files\\Anno 1701\\Anno1701.exe"="C:\\Program Files\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\WINDOWS\\system32\\Installer.exe"="C:\\WINDOWS\\system32\\Installer.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\dlg\\ctfmon.exe"="C:\\WINDOWS\\system32\\dlg\\ctfmon.exe:*:Enabled:Firewall"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE:*:Enabled:DFBHD"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"="C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe:*:Disabled:BugReport"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"="C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe:*:Enabled:Sprite Backup PC Service"
"C:\\WINDOWS\\kdx\\KHost.exe"="C:\\WINDOWS\\kdx\\KHost.exe:*:Enabled:Delivery Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP"="135:TCP:*:Enabled:Port 135 TCP"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"4445:TCP"="4445:TCP:*:Enabled:remote log"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,78,00,00,00,88,00,00,00,00,00,00,00,\
14,00,00,00,02,00,64,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,00,00,18,00,1b,00,00,00,01,01,00,00,00,00,00,05,07,00,00,\
00,01,08,00,00,20,00,00,00,00,00,00,00,00,00,00,00,ac,eb,1d,00,20,00,00,00,\
00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
14,00,00,00,02,00,48,00,02,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:000004bc
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000001
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:ae,e1,e1,e1,08,65,25,a0,8f,46,44,de,7f,36,28,bf,33,32,34,65,31,\
38,63,63,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,81,5d,c9,82

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:2a,07,76,fd,6d,23,aa,29,4c

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:6e,69,a4,86,a4,8e

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:10,67,f3,73,04,92,c5,33,f1,8c,7c,5b,92,6e,0b,8b

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:3e,71,2b,65,52,b5,c5,01

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ce,2e,70,df,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,ce,2e,70,df,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,ce,2e,70,df,79,c4,01
"Type"=dword:00000031

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000
"NoWinKeys"=hex:00,00,00,00
"NoChangeStartMenu"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=dword:00000000


massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby Susan528 » December 27th, 2006, 11:14 pm

Please do the following:

STEP 1.
======
Combofix
  1. Download this file - combofix.exe
  2. Double click combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

STEP 2.
======
GMER
Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.
  • Download GMER and extract it to the C:\program files\GMER folder.
  • Please rename the GMER file
    Note: You can rename gmer.exe to anything you like as long as you keep the .exe ending.
    Run the Gmer.exe renamed program by double-clicking the executable file (gmer.exe) in Windows Explorer.
    You may be prompted to scan immediately if GMER detects rootkit activity.
    • If you are prompted to scan your system click "yes" to begin the scan.
    • If you are not prompted, Click the "Rootkit" tab, then click "Scan".

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in a reply here.

Please post (reply) with the ComboFix log, the results from the GMER scan, and a fresh hijackthis log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby massimo_01 » December 28th, 2006, 9:44 am

It seems the GMER site is down. I wasn't able to find another mirror for the beta, but I did download v1.0.12 and run that.

ComboFix:

azaffiro - 06-12-28 8:10:46.42 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\azaffiro\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-28 to 2006-12-28 ))))))))))))))))))))))))))))))))))


2006-12-27 10:54 <DIR> d-------- C:\Program Files\HijackThis
2006-12-27 10:20 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-12-27 08:47 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-27 08:47 21,568 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-12-27 08:47 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-12-27 08:47 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-12-27 08:47 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-27 08:47 128,064 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-12-27 08:47 <DIR> d-------- C:\Program Files\Webroot
2006-12-27 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-12-27 08:45 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\Webroot
2006-12-21 15:36 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2006-12-21 15:36 <DIR> d-------- C:\Program Files\Fish Tycoon
2006-12-21 15:07 <DIR> d-------- C:\WINDOWS\kdx
2006-12-21 15:07 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\Kontiki
2006-12-19 10:39 <DIR> d-------- C:\Program Files\Bitvise Tunnelier
2006-12-18 09:10 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-18 09:10 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-18 09:08 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-18 09:07 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-15 14:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2006-12-14 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GSPNA
2006-12-14 15:47 48,640 --a------ C:\WINDOWS\mmfs.dll
2006-12-14 15:47 2,560 --a------ C:\WINDOWS\Runservice.exe
2006-12-14 15:47 1,577 --ahs---- C:\WINDOWS\system32\mmf.sys
2006-12-14 15:45 <DIR> d-------- C:\Program Files\GSPNA
2006-12-13 16:02 <DIR> d-------- C:\Program Files\Orneta
2006-12-13 15:47 <DIR> d-------- C:\Program Files\SBSH
2006-12-13 15:37 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\Sprite Software
2006-12-13 15:37 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\Sprite Setup Wizard
2006-12-13 15:37 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\Sprite PC Agent
2006-12-12 12:50 <DIR> d-------- C:\log
2006-12-12 12:42 <DIR> d-------- C:\Program Files\Deep Silver
2006-12-12 09:03 <DIR> d-------- C:\Program Files\Adobe
2006-12-12 08:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2006-12-12 08:47 <DIR> d-------- C:\Program Files\MSECACHE
2006-12-11 13:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-11 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2006-12-08 15:11 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-12-07 12:47 <DIR> d-------- C:\Program Files\Fma
2006-12-07 12:47 <DIR> d-------- C:\Documents and Settings\azaffiro\Application Data\FMA
2006-12-06 15:11 <DIR> d-------- C:\Program Files\TraySoft
2006-11-30 12:36 <DIR> d-------- C:\Program Files\ATI Multimedia
2006-11-30 12:35 <DIR> d-------- C:\Program Files\SnapStream Media
2006-11-30 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SnapStream
2006-11-29 08:21 <DIR> d-------- C:\Program Files\NovaLogic
2006-11-28 09:52 <DIR> d-------- C:\Program Files\THQ


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-28 08:09 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-27 12:35 -------- d-------- C:\Program Files\Common Files
2006-12-20 14:55 -------- d---s---- C:\Documents and Settings\azaffiro\Application Data\Microsoft
2006-12-18 16:39 -------- d-------- C:\Program Files\Windows Media Player
2006-12-18 16:39 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-18 09:19 -------- d-------- C:\Documents and Settings\azaffiro\Application Data\Adobe
2006-12-18 09:10 -------- d-------- C:\Program Files\Internet Explorer
2006-12-15 14:13 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-15 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 15:45 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-08 16:35 -------- d-------- C:\Program Files\shockwave.com
2006-12-08 16:34 -------- d-------- C:\Program Files\Flip Words
2006-12-08 16:33 -------- d-------- C:\Program Files\Word Blitz Deluxe
2006-12-08 15:30 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-12-08 09:44 25359 --a------ C:\Documents and Settings\azaffiro\Application Data\Comma Separated Values (Windows).ADR
2006-12-07 14:00 2508 --a------ C:\Documents and Settings\azaffiro\Application Data\$_hpcst$.hpc
2006-12-07 12:42 -------- d-------- C:\Program Files\Playtonium Jigsaw Enchanted Forest
2006-11-27 14:39 -------- d-------- C:\Program Files\EA GAMES
2006-11-27 14:38 -------- d-------- C:\Program Files\Five Card Deluxe
2006-11-27 14:37 -------- d-------- C:\Program Files\GameHouse
2006-11-27 14:34 -------- d-------- C:\Program Files\Atomaders
2006-11-27 14:34 -------- d-------- C:\Program Files\Atlantis
2006-11-27 14:34 -------- d-------- C:\Program Files\Around 3D
2006-11-27 14:34 -------- d-------- C:\Program Files\Alpha Ball
2006-11-27 14:34 -------- d-------- C:\Program Files\Alien Sky
2006-11-27 14:33 -------- d-------- C:\Program Files\Word Emperor
2006-11-27 14:33 -------- d-------- C:\Program Files\MicroMan's Crazy Computers
2006-11-27 14:33 -------- d-------- C:\Program Files\Lemonade Tycoon 2
2006-11-27 14:33 -------- d-------- C:\Program Files\Gold Miner
2006-11-27 14:33 -------- d-------- C:\Program Files\Dropheads
2006-11-27 14:30 -------- d-------- C:\Program Files\Air Strike 2
2006-11-27 14:29 -------- d-------- C:\Program Files\Fiber Twig
2006-11-27 14:29 -------- d-------- C:\Program Files\Feed The Snake
2006-11-27 14:29 -------- d-------- C:\Program Files\5 Spots
2006-11-27 14:28 -------- d-------- C:\Program Files\Fusion
2006-11-27 14:27 -------- d-------- C:\Program Files\Anno 1701
2006-11-27 14:26 -------- d-------- C:\Program Files\Electra
2006-11-27 14:04 131 ---hs---- C:\Documents and Settings\azaffiro\Application Data\.zreglib
2006-11-27 14:04 -------- d-------- C:\Documents and Settings\azaffiro\Application Data\SlySoft
2006-11-27 14:04 -------- d-------- C:\Documents and Settings\azaffiro\Application Data\Elaborate Bytes
2006-11-27 14:03 -------- d-------- C:\Program Files\SlySoft
2006-11-27 14:03 -------- d-------- C:\Program Files\Elaborate Bytes
2006-11-14 15:08 -------- d-------- C:\Documents and Settings\azaffiro\Application Data\Ahead
2006-11-14 15:06 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-14 09:36 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-11-14 09:36 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-11-13 09:23 -------- d-------- C:\Program Files\Firefly Studios
2006-11-13 03:30 217300 --a------ C:\WINDOWS\system32\Installer.exe
2006-11-09 16:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-09 16:11 -------- d-------- C:\Program Files\CleanSuite
2006-11-09 09:49 299008 --a------ C:\WINDOWS\system32\miccyhook.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 12:14 -------- d-------- C:\Program Files\Electronic Arts
2006-11-06 12:11 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 12:32 123904 --a------ C:\WINDOWS\system32\keygen.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-10 08:24 669002 --a------ C:\WINDOWS\unins000.exe
2006-10-06 08:48 737280 --a------ C:\WINDOWS\iun6002.exe
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-29 06:56 28248 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 16:05 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-09-28 16:05 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-09-28 16:04 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-09-28 16:03 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
@=""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000
"NoWinKeys"=hex:00,00,00,00
"NoChangeStartMenu"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
Completion time: 06-12-28 8:12:44.82
C:\ComboFix.txt ... 06-12-28 08:12





-----------------------------------------------------------------------



GMER:


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-28 08:42:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 89875F30 ZwAllocateVirtualMemory
SSDT a347bus.sys ZwClose
SSDT 8987F198 ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT 898DF868 ZwCreateProcess
SSDT 8987F3C0 ZwCreateProcessEx
SSDT \SystemRoot\system32\DRIVERS\vdiskbus.sys ZwCreateSymbolicLinkObject
SSDT 89878388 ZwCreateThread
SSDT 898C0C98 ZwDeleteKey
SSDT 898DF8E0 ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT 89875FA8 ZwQueueApcThread
SSDT 89875E40 ZwReadVirtualMemory
SSDT 898C0C20 ZwRenameKey
SSDT 89878220 ZwSetContextThread
SSDT 898E08F8 ZwSetInformationKey
SSDT 8986EB90 ZwSetInformationProcess
SSDT 89878298 ZwSetInformationThread
SSDT a347bus.sys ZwSetSystemPowerState
SSDT 898E0880 ZwSetValueKey
SSDT 8986EB18 ZwSuspendProcess
SSDT 89875020 ZwSuspendThread
SSDT 8987F348 ZwTerminateProcess
SSDT 89878310 ZwTerminateThread
SSDT 89875EB8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!ZwYieldExecution + 137 804E4971 3 Bytes [ F3, 87, 89 ]
.text ntoskrnl.exe!ZwYieldExecution + 146 804E4980 8 Bytes [ DC, 00, 7C, F7, 88, 83, 87, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 406 804E4C40 8 Bytes [ 90, EB, 86, 89, 98, 82, 87, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 8 Bytes [ 18, EB, 86, 89, 20, 50, 87, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 8 Bytes [ 48, F3, 87, 89, 10, 83, 87, ... ]
.text USBPORT.SYS!DllUnload B9C2C62C 5 Bytes JMP 895521B8

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[2296] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ DB, E7, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2460] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ A7, EB, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0003035C C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030588 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0003035C C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2904] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 0003050C C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2904] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 0003054C C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8989E1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8989E1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 896E0DD8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 8946F1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 896E0DD8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 8946F1D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 8946F1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{597B08B0-4DCC-49F2-B73D-6AB6C0616903} IRP_MJ_PNP 892B8990
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 8986ABF0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 89503100
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 8959C2D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 89746FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 898A23E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 896D8978
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 896E2A88
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 89355218
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 8939D020
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 8966C020
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 895058B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 897FDE00
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 89668C60
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 8963BBE8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 8945E1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 893D9608
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 893D3460
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 89618B80
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 89631678
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 89653330
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 89503A28
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 894A2100
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 895F4C28
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 893CBDF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 89510100
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 893DA7A8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 894C2D40
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 8939B1F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 895501D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8990A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8990A1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 895501D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 8951F580
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 8951F580
Device \Driver\00000117 \Device\00000061 IRP_MJ_POWER [F751BDB6] sptd.sys
Device \Driver\00000117 \Device\00000061 IRP_MJ_SYSTEM_CONTROL [F753173C] sptd.sys
Device \Driver\00000117 \Device\00000061 IRP_MJ_PNP [F752A77E] sptd.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 8986ABF0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 89503100
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 8959C2D0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 89746FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 898A23E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 896D8978
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 896E2A88
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 89355218
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 8939D020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 8966C020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 895058B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 897FDE00
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 89668C60
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 8963BBE8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 8945E1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 893D9608
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 893D3460
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 89618B80
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 89631678
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 89653330
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 89503A28
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 894A2100
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 895F4C28
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 893CBDF8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 89510100
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 893DA7A8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 894C2D40
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 8939B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 898A11D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 89428E08
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{07842AA3-AFEA-46C8-886B-FCEFFC169F1B} IRP_MJ_PNP 892B8990
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8921ECE8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 89428E08
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\a
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby massimo_01 » December 28th, 2006, 10:00 am

GMER CONTINUED :



Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 89275008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 89275008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 89428E08
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 89428E08
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 892B8990
Device \Driver\usbhub \Device\00000079 IRP_MJ_PNP [AEDAB410] hcmon.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{5651BF3E-AE88-442E-B4F4-88B669F41FFD} IRP_MJ_PNP 892B8990
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 895B2E88
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 8986ABF0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 89503100
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 8959C2D0
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 89746FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 898A23E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 896D8978
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 896E2A88
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 89355218
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 8939D020
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 8966C020
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 895058B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 897FDE00
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 89668C60
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 8963BBE8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 8945E1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 893D9608
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 893D3460
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 89618B80
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 89631678
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 89653330
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 89503A28
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 894A2100
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 895F4C28
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 893CBDF8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 89510100
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 893DA7A8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 894C2D40
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 8939B1F8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 8986ABF0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 89503100
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 8959C2D0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 89746FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 898A23E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 896D8978
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 896E2A88
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 89355218
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 8939D020
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 8966C020
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 895058B0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 897FDE00
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 89668C60
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 8963BBE8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 8945E1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 893D9608
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 893D3460
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 89618B80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 89631678
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 89653330
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 89503A28
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 894A2100
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 895F4C28
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 893CBDF8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 89510100
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 893DA7A8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 894C2D40
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 8939B1F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL [AEDABDD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 895501D8
Device \Driver\usbhub \Device\0000007a IRP_MJ_PNP [AEDAB410] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL [AEDABDD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 895501D8
Device \Driver\usbhub \Device\0000007b IRP_MJ_PNP [AEDAB410] hcmon.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 8986ABF0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 89503100
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 8959C2D0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 89746FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 898A23E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 896D8978
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 896E2A88
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 89355218
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 8939D020
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 8966C020
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 895058B0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 897FDE00
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 89668C60
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 8963BBE8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 8945E1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 893D9608
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 893D3460
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 89618B80
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 89631678
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 89653330
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 89503A28
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 894A2100
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 895F4C28
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 893CBDF8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 89510100
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 893DA7A8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 894C2D40
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 8939B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 89279E88
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 896EE578
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL [AEDABDD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 895501D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 89279E88
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 896EE578
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 896EE578
Device \Driver\usbhub \Device\0000007c IRP_MJ_PNP [AEDAB410] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 895501D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 895501D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [AEDABDD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 895501D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 895501D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 895501D8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 896C0C90
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 898A11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 898A11D8
Device \Driver\usbhub \Device\0000007d IRP_MJ_PNP [AEDAB410] hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 8951F580
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 8951F580
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 8951F580
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [AEDAC190] hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 8951F580
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 8951F580
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 8951F580
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 89724BD8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_CREATE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_CLOSE 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_INTERNAL_DEVICE_CONTROL 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_CLEANUP 892B8990
Device \Driver\NetBT \Device\NetBT_Tcpip_{4C0063E9-1348-4B5D-A9CE-0126FDC6C051} IRP_MJ_PNP 892B8990
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLOSE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_READ 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_WRITE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SHUTDOWN 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLEANUP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_POWER 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_PNP 88A3FCC0
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE_NAMED_PIPE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CLOSE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_READ 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_WRITE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_FLUSH_BUFFERS 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DIRECTORY_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_FILE_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SHUTDOWN 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_LOCK_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CLEANUP 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE_MAILSLOT 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_POWER 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DEVICE_CHANGE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_PNP 893621A8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_NAMED_PIPE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_READ 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_WRITE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FLUSH_BUFFERS 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DIRECTORY_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FILE_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SHUTDOWN 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_LOCK_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLEANUP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_MAILSLOT 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CHANGE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLOSE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_READ 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_WRITE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_POWER 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_PNP 89290008
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CREATE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CLOSE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_READ 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_WRITE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0T
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby massimo_01 » December 28th, 2006, 10:03 am

GMER:



Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLOSE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_READ 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_WRITE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_EA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SHUTDOWN 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLEANUP 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_SECURITY 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_POWER 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_QUOTA 88A3FCC0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_PNP 88A3FCC0
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE_NAMED_PIPE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CLOSE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_READ 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_WRITE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_FLUSH_BUFFERS 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DIRECTORY_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_FILE_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SHUTDOWN 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_LOCK_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CLEANUP 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_CREATE_MAILSLOT 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_POWER 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_DEVICE_CHANGE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_QUERY_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_SET_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251 IRP_MJ_PNP 893621A8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_NAMED_PIPE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_READ 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_WRITE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FLUSH_BUFFERS 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DIRECTORY_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FILE_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SHUTDOWN 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_LOCK_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLEANUP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_MAILSLOT 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CHANGE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLOSE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_READ 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_WRITE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_EA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_POWER 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 89290008
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_PNP 89290008
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CREATE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CLOSE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_READ 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_WRITE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_EA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [F7778222] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F777844A] AnyDVD.sys
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SHUTDOWN 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CLEANUP 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_SECURITY 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_POWER 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_SET_QUOTA 893621A8
Device \Driver\autrxg25 \Device\Scsi\autrxg251Port5Path0Target0Lun0 IRP_MJ_PNP 893621A8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 8972D988
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 8972D988
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 8972D988
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 8972D988
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 8972D988
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 889CBC40
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 887D3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 887D3990

---- Modules - GMER 1.0.12 ----

Module _________ BAF48000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\Symantec\hpc:1780292171

---- EOF - GMER 1.0.12 ----
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby massimo_01 » December 28th, 2006, 10:04 am

Hijack This:



Logfile of HijackThis v1.99.1
Scan saved at 8:43:20 AM, on 12/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Bitvise Tunnelier\Tunnelier.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = exodus3.mke.ra.rockwell.com:8080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby Susan528 » December 28th, 2006, 10:49 am

I am wondering about the following files:

C:\WINDOWS\system32\keygen.exe
C:\WINDOWS\unvise32.exe

Please show all files for your system.
You will need to reverse this process when all steps are done.


Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\WINDOWS\system32\keygen.exe
Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

Please also check the properties of those files (right-click and select properties from the popupmenu). Look if you can find some company information, etc.

Please repeat for the
C:\WINDOWS\unvise32.exe

Is there any company information about them? I am wondering about possible keylogging software installed on your pc.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby massimo_01 » December 28th, 2006, 11:16 am

Keygen is a program I use for work to generate keys for our software installs, though I don't know how it got to system32 folder. The unvise.exe is from a company called Mindvision. Never heard of it before but Jotti says None Found for everything.

Since I ran antivirus I am not losing focus anymore. Folders are still slow to open. I am searching around to see what else it could be...
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby massimo_01 » December 28th, 2006, 3:03 pm

Well, I think we got it all. I found out that the slow folders (which coincided with my other problems) was a result of installing SpySweeper. One of the guards must be slowing them down. I will disable them one by one to find out which. Assuming you don't find anyother problems, I think we are done.

I appreciate all your help. I wasn't ready to format c:\ [enter] yet. Have a great New Year!
massimo_01
Regular Member
 
Posts: 18
Joined: April 19th, 2006, 2:04 pm

Unread postby Susan528 » December 30th, 2006, 11:37 am

Yes, SpySweeper can slow things down along with other security programs.

Another thing you may want to try though is PCPitstop.

STEP 1.
======
PCPitStop

Please register (it's free, don't worry) with PCPitStop and run the full tests here.
When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post (reply) with it here for me.

You need to update your Java.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware