That host tool worked fine. I did the test you asked, except the Kaspersky scan, as there is a problem with the web site. Is there another scanner online I can run? Here are the other logs requested.
ComboFix
ComboFix 07-06-18.2 - C:\Documents and Settings\HDebo\Desktop\ComboFix.exe
"HDebo" - 2007-06-22 21:07:37 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HDebo\Desktop\ComboFix-Do.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\iybijfrf.exe
C:\WINDOWS\system32\mseuodbq.exe
((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))
2007-06-20 13:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-20 05:17 <DIR> d-------- C:\Program Files\WinPop
2007-06-17 19:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 19:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 19:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 19:34 2,066 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-14 21:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-14 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-06-14 17:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-14 13:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 23:28 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\TrojanHunter
2007-06-13 23:27 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-06-13 07:18 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-04 16:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-01 16:19 <DIR> d-------- C:\DOCUME~1\HDebo\APPLIC~1\Uniblue
2007-06-01 00:33 524,288 --ah----- C:\DOCUME~1\ADMINI~1.DES\NTUSER.DAT
2007-05-29 20:35 <DIR> d-------- C:\hidownload
2007-05-28 06:03 454 --a------ C:\WINDOWS\system32\close.vbs
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-22 23:34:43 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\DMCache
2007-06-22 08:20:15 -------- d-----w C:\Program Files\HJT
2007-06-20 09:14:23 -------- d-----w C:\Program Files\Online Services
2007-06-19 23:27:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-19 23:23:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-18 06:16:09 -------- d-----w C:\Program Files\BitComet
2007-06-14 00:51:18 -------- d-----w C:\Program Files\Easy Video Joiner
2007-05-30 00:15:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 23:57:26 -------- d-----w C:\Program Files\WinPcap
2007-05-10 23:00:55 -------- d-----w C:\DOCUME~1\HDebo\APPLIC~1\Lavasoft
2007-05-10 23:00:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-10 23:00:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-04-22 03:22:38 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE" [2005-06-01 16:09]
"WinPop"="C:\Program Files\WinPop\winpop.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihsService.exe]
"C:\Program Files\Sunbelt Software\iHateSpam\ihsService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
*Newly Created Service* - GMER
Contents of the 'Scheduled Tasks' folder
2007-06-22 23:28:20 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-22 21:08:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-22 21:08:59
C:\ComboFix-quarantined-files.txt ... 2007-06-22 21:08
C:\ComboFix2.txt ... 2007-06-22 04:03
C:\ComboFix3.txt ... 2007-06-21 01:30
--- E O F ---
Gmer
GMER 1.0.12.12244 -
http://www.gmer.net
Rootkit scan 2007-06-22 21:05:32
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT 8663A110 ZwAlertResumeThread
SSDT 86618380 ZwAlertThread
SSDT 86465888 ZwAllocateVirtualMemory
SSDT 8663FD88 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 864455D0 ZwCreateMutant
SSDT 86465078 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 86496568 ZwFreeVirtualMemory
SSDT 8662CA78 ZwImpersonateAnonymousToken
SSDT 8662AAE8 ZwImpersonateThread
SSDT 86498E08 ZwMapViewOfSection
SSDT 8649D0A8 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 864960E0 ZwOpenProcessToken
SSDT 864814A0 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 864940D0 ZwResumeThread
SSDT 86482230 ZwSetContextThread
SSDT 862541C8 ZwSetInformationProcess
SSDT 86488168 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 8649B0B0 ZwSuspendProcess
SSDT 86602230 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 8661B078 ZwTerminateThread
SSDT 864995B8 ZwUnmapViewOfSection
SSDT 863DF4D0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!ZwYieldExecution + AF 804E4F70 2 Bytes [ 10, A1 ]
.text ntoskrnl.exe!ZwYieldExecution + B2 804E4F73 5 Bytes [ 86, 80, 83, 61, 86 ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3277.SYS The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\DRIVERS\update.sys
---- Devices - GMER 1.0.12 ----
---- EOF - GMER 1.0.12 ----
HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:37:16 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\HJT\analyse.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe