Sorry I couldn't answer earlier, but today I had to work really hard.
Anyway, here are the logs you asked me for...
ComboFix's log:
ComboFix 07-08-25.2 - "Taff" 2007-08-26 23.14.37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.594 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Autorun.inf
C:\DOCUME~1\Taff\DATIAP~1\microsoft\internet explorer\quick launch\intern~1.lnk
C:\WINDOWS\system32\_003770_.tmp.dll
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_IPRIP
-------\Iprip
((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
2007-08-26 23:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 13:08 <DIR> d--h----- C:\Programmi\File comuni\delsim
2007-08-26 01:30 52,224 --a------ C:\h1b9i6h4u6j1.exe
2007-08-26 01:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-25 18:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-25 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
2007-08-25 18:15 <DIR> d-------- C:\Programmi\CCleaner
2007-08-25 16:35 435,200 -r-hs---- C:\WINDOWS\CDSpeed.exe
2007-08-24 19:28 <DIR> d-------- C:\Programmi\Windows Live
2007-08-24 19:28 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2007-08-24 18:32 <DIR> d-------- C:\Programmi\MSN Messenger
2007-08-23 19:00 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-22 12:40 <DIR> d-------- C:\HospitalTycoon
2007-08-22 04:24 <DIR> d-------- C:\Programmi\iTunes
2007-08-22 04:24 <DIR> d-------- C:\Programmi\iPod
2007-08-21 19:31 <DIR> d-------- C:\Programmi\MSXML 6.0
2007-08-21 18:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-02 23:08 <DIR> d-------- C:\DOCUME~1\Taff\DATIAP~1\vlc
2007-08-02 02:42 <DIR> d-------- C:\Programmi\AC3Filter
2007-07-30 15:12 <DIR> d-------- C:\Programmi\File comuni\DirectX
2007-07-30 15:03 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-30 15:03 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-30 15:03 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-30 15:03 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-30 15:03 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-30 15:03 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-30 15:03 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-30 15:03 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-30 15:03 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-30 15:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-30 15:00 <DIR> d-------- C:\Programmi\Codemasters
2007-07-30 14:55 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-30 14:55 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-30 14:55 <DIR> d-------- C:\Programmi\Alcohol Soft
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 23:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google Updater
2007-08-25 19:05 --------- d-------- C:\Programmi\eMule
2007-08-24 17:26 --------- d-------- C:\Programmi\Spyware Doctor
2007-08-22 04:23 --------- d-------- C:\Programmi\Apple Software Update
2007-08-14 17:02 82248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-14 17:02 57672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-14 17:02 40264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-14 17:02 29000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-04 15:43 --------- d-------- C:\Programmi\World of Warcraft
2007-08-02 23:07 --------- d-------- C:\Programmi\VideoLAN
2007-07-31 15:44 --------- d-------- C:\DOCUME~1\Taff\DATIAP~1\Apple Computer
2007-07-31 15:44 --------- d-------- C:\DOCUME~1\Taff\DATIAP~1\Apple Computer
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-25 02:16 --------- d-------- C:\Programmi\CDex_150
2007-07-21 13:36 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\DATIAP~1\PC Tools
2007-07-20 20:03 --------- d-------- C:\Programmi\QuickTime
2007-07-12 13:19 --------- d-------- C:\Programmi\File comuni\Symantec Shared
2007-07-12 03:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
2007-07-11 18:31 --------- d-------- C:\Programmi\Norton Security Scan
2007-07-06 01:33 --------- d-------- C:\Programmi\File comuni\Apple
2007-07-06 01:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
2007-06-28 20:10 --------- d-------- C:\DOCUME~1\Taff\DATIAP~1\Skype
2007-06-28 20:10 --------- d-------- C:\DOCUME~1\Taff\DATIAP~1\Skype
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:30 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22 1035776 --a------ C:\WINDOWS\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-12-13 13:01]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-12-13 13:01]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-12-13 13:01]
"Diagnostica SpeedTouch USB"="C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:39 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"CDSpeed.exe"="C:\WINDOWS\CDSpeed.exe" [2007-08-25 16:35]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-26 01:17]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-26 04:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Taff\Dati applicazioni\Mozilla\Firefox\Profiles\u2sgeyv6.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Taff\Dati applicazioni\Mozilla\Firefox\Profiles/u2sgeyv6.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae62cea4-0af4-11dc-a5c5-000272808c59}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- G:\Recycled\ctfmon.exe
Contents of the 'Scheduled Tasks' folder
2007-08-22 02:23:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
2007-08-24 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Programmi\Norton Security Scan\Nss.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-26 23:21:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-26 23:23:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 23:23
--- E O F ---
Jotti's report:
Scan taken on 26 Aug 2007 21:27:15 (GMT)
A-Squared Found nothing
AntiVir Found WORM/IRCBot.435200
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found SHeur.JBL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.IRCBot.aex
Fortinet Found W32/IRCBot.AEX!tr.bdr
Kaspersky Anti-Virus Found Backdoor.Win32.IRCBot.aex
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
GMER's result:
GMER 1.0.13.12551 -
http://www.gmer.net
Rootkit scan 2007-08-26 23:43:59
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT a347bus.sys ZwClose
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
? C:\DOCUME~1\Taff\IMPOST~1\Temp\catchme.sys Impossibile trovare il file specificato.
---- User code sections - GMER 1.0.13 ----
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43790297 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 43790218 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379025C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 437901A4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437901DE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437902D2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 4362164E C:\WINDOWS\system32\IEFRAME.dll
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8673FB60
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F74231DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F74231DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7423454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F74231DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7416F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7B4C404] avg7rsw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B8685A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B8685A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8648F108
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8648F108
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86437508
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8648F108
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER