That seemed to run fine. Here's the log:
GMER 1.0.13.12551 -
http://www.gmer.net
Rootkit scan 2007-07-13 11:08:30
Windows 5.0.2195 Service Pack 4
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
INT 0x2E srescan.sys BFE70A9D
---- Kernel code sections - GMER 1.0.13 ----
? srescan.sys The system cannot find the file specified.
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp The system cannot find the file specified.
.text NTDLL.DLL!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text NTDLL.DLL!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[664] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] kernel32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] kernel32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] kernel32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[752] kernel32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\RUNDLL32.EXE[976] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\WINNT\system32\RUNDLL32.EXE[976] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\WINNT\system32\RUNDLL32.EXE[976] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\RUNDLL32.EXE[976] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\RUNDLL32.EXE[976] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\WINNT\system32\RUNDLL32.EXE[976] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\internat.exe[988] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\WINNT\system32\internat.exe[988] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\WINNT\system32\internat.exe[988] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\internat.exe[988] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\internat.exe[988] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\WINNT\system32\internat.exe[988] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe[992] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\PROGRA~1\Grisoft\AVG\avgcc.exe[1208] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] kernel32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] kernel32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] kernel32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe[1212] kernel32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\rundll32.exe[1520] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\WINNT\system32\rundll32.exe[1520] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\WINNT\system32\rundll32.exe[1520] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\rundll32.exe[1520] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\rundll32.exe[1520] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\WINNT\system32\rundll32.exe[1520] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\DeskSlide\DeskSlide.exe[1868] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\WINNT\Explorer.EXE[1900] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\WINNT\Explorer.EXE[1900] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\WINNT\Explorer.EXE[1900] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\Explorer.EXE[1900] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\Explorer.EXE[1900] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\WINNT\Explorer.EXE[1900] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe[1984] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\lexpps.exe[2000] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\WINNT\system32\lexpps.exe[2000] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\WINNT\system32\lexpps.exe[2000] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\lexpps.exe[2000] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\lexpps.exe[2000] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\WINNT\system32\lexpps.exe[2000] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\Quicktime\qttask.exe[2136] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Quicktime\qttask.exe[2136] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Quicktime\qttask.exe[2136] KERNEL32.DLL!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Quicktime\qttask.exe[2136] KERNEL32.DLL!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\Quicktime\qttask.exe[2136] KERNEL32.DLL!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\Quicktime\qttask.exe[2136] KERNEL32.DLL!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] KERNEL32.DLL!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] KERNEL32.DLL!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] KERNEL32.DLL!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\MemTurbo\MemTurbo.exe[2164] KERNEL32.DLL!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[2212] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\Norton\Ghost\Agent\PQV2iSvc.exe[2244] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\ZoneAlarm\zlclient.exe[2292] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2296] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe[2332] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2448] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] KERNEL32.DLL!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] KERNEL32.DLL!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] KERNEL32.DLL!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text D:\Program Files\Norton\Ghost\Agent\GhostTray.exe[2572] KERNEL32.DLL!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe[2588] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
.text D:\Program Files\TrojanHunter 4.2\THGuard.exe[2632] kernel32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] ntdll.dll!NtOpenProcess 77F8870C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] ntdll.dll!NtOpenProcess + 4 77F88710 2 Bytes [ 0E, 5F ]
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] KERNEL32.dll!DebugActiveProcess 7C57FCEF 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes [ 6A, F7, A6, E2 ]
.text C:\Program Files\GMER\GiveAnotherGo.exe[3032] KERNEL32.dll!OpenProcess 7C5969AD 6 Bytes JMP 5F040F5A
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BE664950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BE664AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BE664E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BE664FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BE664950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BE664E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BE664FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BE664AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BE664950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BE664FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BE664E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\nbf.sys[NDIS.SYS!NdisCloseAdapter] [BE664FD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\nbf.sys[NDIS.SYS!NdisOpenAdapter] [BE664E70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\nbf.sys[NDIS.SYS!NdisDeregisterProtocol] [BE664AC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\nbf.sys[NDIS.SYS!NdisRegisterProtocol] [BE664950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [BE671FB0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [BE65D570] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BE65D4C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BE65D670] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [BE65D1D0] \SystemRoot\System32\vsdatant.sys
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll
IAT C:\WINNT\Explorer.EXE[1900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [EB934404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BBECD330] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BBECD3A0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BBECD290] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BBECD290] SYMEVENT.SYS
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BE6718A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BE6718A0] vsdatant.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [BBECD330] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [BBECD3A0] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [BBECD290] SYMEVENT.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [BFF4066E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [EB934404] avg7rsw.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE