GMER log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-23 02:47:41
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT 8602DF30 ZwAlertResumeThread
SSDT 86030310 ZwAlertThread
SSDT 85F960A8 ZwAllocateVirtualMemory
SSDT 8613D078 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 862408E8 ZwCreateMutant
SSDT 85FF0930 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 8623E748 ZwFreeVirtualMemory
SSDT 862431B8 ZwImpersonateAnonymousToken
SSDT 8602D6E0 ZwImpersonateThread
SSDT 86168928 ZwMapViewOfSection
SSDT 86241C98 ZwOpenEvent
SSDT 86059A78 ZwOpenProcessToken
SSDT 8603E4C8 ZwOpenThreadToken
SSDT 8558C298 ZwQueryValueKey
SSDT 860D1080 ZwResumeThread
SSDT 8603DF30 ZwSetContextThread
SSDT 8609EAD8 ZwSetInformationProcess
SSDT 8603B930 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 86237970 ZwSuspendProcess
SSDT 86031110 ZwSuspendThread
SSDT 860581C8 ZwTerminateProcess
SSDT 86039588 ZwTerminateThread
SSDT 860E4AD0 ZwUnmapViewOfSection
SSDT 860AC0A8 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe[532] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009D200E
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe[532] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009D1DAF
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe[532] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009D1CF2
.text C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe[532] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009D191B
.text C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe[620] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0105200E
.text C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe[620] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01051DAF
.text C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe[620] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01051CF2
.text C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe[620] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0105191B
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[668] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00C3200E
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[668] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C31DAF
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[668] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C31CF2
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[668] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C3191B
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[732] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D8200E
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[732] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D81DAF
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[732] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D81CF2
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[732] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D8191B
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[740] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[740] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[740] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[740] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Winamp\winampa.exe[812] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Winamp\winampa.exe[812] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Winamp\winampa.exe[812] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Winamp\winampa.exe[812] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\igfxpers.exe[828] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DF200E
.text C:\WINDOWS\system32\igfxpers.exe[828] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DF1DAF
.text C:\WINDOWS\system32\igfxpers.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DF1CF2
.text C:\WINDOWS\system32\igfxpers.exe[828] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DF191B
.text C:\WINDOWS\ATK0100\HControl.exe[844] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0199200E
.text C:\WINDOWS\ATK0100\HControl.exe[844] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01991DAF
.text C:\WINDOWS\ATK0100\HControl.exe[844] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01991CF2
.text C:\WINDOWS\ATK0100\HControl.exe[844] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0199191B
.text C:\WINDOWS\system32\csrss.exe[864] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[864] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[864] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[864] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe[868] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011D200E
.text C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe[868] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011D1DAF
.text C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011D1CF2
.text C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe[868] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011D191B
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Generic\Power4 Gear\BatteryLife.exe[1136] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0095200E
.text C:\Program Files\Generic\Power4 Gear\BatteryLife.exe[1136] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00951DAF
.text C:\Program Files\Generic\Power4 Gear\BatteryLife.exe[1136] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00951CF2
.text C:\Program Files\Generic\Power4 Gear\BatteryLife.exe[1136] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0095191B
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01A4200E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01A41DAF
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A41CF2
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01A4191B
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1464] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0147200E
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1464] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01471DAF
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01471CF2
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1464] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0147191B
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1468] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01A3200E
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1468] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01A31DAF
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1468] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A31CF2
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1468] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01A3191B
.text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1528] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 015A200E
.text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1528] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 015A1DAF
.text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1528] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 015A1CF2
.text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[1528] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 015A191B
.text C:\WINDOWS\system32\spoolsv.exe[1636] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00EC200E
.text C:\WINDOWS\system32\spoolsv.exe[1636] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00EC1DAF
.text C:\WINDOWS\system32\spoolsv.exe[1636] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00EC1CF2
.text C:\WINDOWS\system32\spoolsv.exe[1636] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00EC191B
.text C:\WINDOWS\system32\igfxtray.exe[1660] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E6200E
.text C:\WINDOWS\system32\igfxtray.exe[1660] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E61DAF
.text C:\WINDOWS\system32\igfxtray.exe[1660] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E61CF2
.text C:\WINDOWS\system32\igfxtray.exe[1660] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E6191B
.text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1796] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0090200E
.text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00901DAF
.text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00901CF2
.text C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe[1796] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0090191B
.text C:\WINDOWS\system32\hkcmd.exe[1928] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D8200E
.text C:\WINDOWS\system32\hkcmd.exe[1928] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D81DAF
.text C:\WINDOWS\system32\hkcmd.exe[1928] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D81CF2
.text C:\WINDOWS\system32\hkcmd.exe[1928] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D8191B
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2176] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2176] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2176] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\ATK0100\ATKOSD.exe[2176] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\iTunes\iTunesHelper.exe[2236] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 09C6200E
.text C:\Program Files\iTunes\iTunesHelper.exe[2236] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 09C61DAF
.text C:\Program Files\iTunes\iTunesHelper.exe[2236] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 09C61CF2
.text C:\Program Files\iTunes\iTunesHelper.exe[2236] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 09C6191B
.text C:\WINDOWS\system32\ctfmon.exe[2276] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[2276] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[2276] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[2276] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\BitTorrent\bittorrent.exe[2284] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 015B200E
.text C:\Program Files\BitTorrent\bittorrent.exe[2284] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 015B1DAF
.text C:\Program Files\BitTorrent\bittorrent.exe[2284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 015B1CF2
.text C:\Program Files\BitTorrent\bittorrent.exe[2284] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 015B191B
.text C:\Program Files\AIM6\aim6.exe[2304] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\AIM6\aim6.exe[2304] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\AIM6\aim6.exe[2304] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\AIM6\aim6.exe[2304] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2328] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2328] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2328] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2328] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2328] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\documents and settings\melissa\local settings\application data\ahuqdqpo.exe[2396] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\documents and settings\melissa\local settings\application data\ahuqdqpo.exe[2396] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\documents and settings\melissa\local settings\application data\ahuqdqpo.exe[2396] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\documents and settings\melissa\local settings\application data\ahuqdqpo.exe[2396] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2712] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00F3200E
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2712] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F31DAF
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2712] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F31CF2
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2712] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00F3191B
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe[2796] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe[2796] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe[2796] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe[2796] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtEnumerateKey 7C90D94C 3 Bytes JMP 0091200E
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtEnumerateKey + 4 7C90D950 1 Byte [ 84 ]
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtEnumerateValueKey 7C90D976 3 Bytes JMP 00911DAF
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtEnumerateValueKey + 4 7C90D97A 1 Byte [ 84 ]
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 00911CF2
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 3 Bytes JMP 0091191B
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2808] ntdll.dll!NtQuerySystemInformation + 4 7C90E1AE 1 Byte [ 84 ]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2856] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2856] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2856] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2856] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] WS2_32.dll!send 71AB428A 5 Bytes JMP 100030E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100032CC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100035BC
.text C:\Program Files\iPod\bin\iPodService.exe[3300] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\iPod\bin\iPodService.exe[3300] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\iPod\bin\iPodService.exe[3300] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\iPod\bin\iPodService.exe[3300] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[3580] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0114200E
.text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[3580] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01141DAF
.text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[3580] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01141CF2
.text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[3580] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0114191B
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe[3656] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 034E200E
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe[3656] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 034E1DAF
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe[3656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 034E1CF2
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe[3656] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 034E191B
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3956] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3956] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3956] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3956] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\GMER\gmer.exe[4768] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\GMER\gmer.exe[4768] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\GMER\gmer.exe[4768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\GMER\gmer.exe[4768] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1292] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F73691DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F73691DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7369454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F73691DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F735CF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [AADF78F0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [AADF7950] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [AADF7860] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_F