please help me! i have adware.CDN and my norton cant remove it!


  • This topic is locked

#151
JSntgRvr

Global Moderator
Thanks, Derek :blink:

I appreciate your assistance. :whistling:

#152
playsoldier3

Member, Topic Starter
Here is the file I'm supposed to upload :blink: and also last night during the scans I went offline and removed my spysweeper and norton, tried to redo the steps to remove, but it still didn't work :whistling: , so I reinstalled them back on.

#153
playsoldier3

Member, Topic Starter
I have a question I want to ask :whistling: , what does this trojan do exactly?

#154
JSntgRvr

Global Moderator
Hi, playsoldier3 :whistling:

If it is the AdWare.Win32.AdHelper.cd, there is no description available at this time. Seems like a new variant that we need to identify.

http://www.viruslist...?virusid=136683

It should take a while while these files are reviewed at the Spykiller forum. Please be patient.

#155
playsoldier3

Member, Topic Starter
what about the trojan.floodads? that one also came up for the same file

#156
JSntgRvr

Global Moderator

what about the trojan.floodads? that one also came up for the same file

No description.

#157
playsoldier3

Member, Topic Starter
is this thing a RAT? :whistling:

#158
dvk01

Malware Expert, Visiting Consultant, MVP
run avenger again with this as the script file please

Files to delete:
C:\CdnFiles.txt
C:\WINDOWS\system32\hxvaophg.txt
C:\WINDOWS\system32\cdnprot.dat
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\WINDOWS\system32\updata.ini
C:\WINDOWS\DUMP568c.tmp
C:\WINDOWS\DUMP58be.tmp
C:\WINDOWS\DUMP592c.tmp
C:\WINDOWS\DUMP5ca6.tmp
C:\WINDOWS\DUMP58de.tmp
C:\WINDOWS\DUMP58ed.tmp
C:\WINDOWS\DUMP594b.tmp
C:\WINDOWS\DUMP5c97.tmp
C:\WINDOWS\DUMP5ab2.tmp
C:\WINDOWS\DUMP5d04.tmp
C:\WINDOWS\download.ini
C:\WINDOWS\WININIT.INI
C:\WINDOWS\system32\inetinfo.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VIES21DD

when it reboots post back with avenger.txt & a new HJT log

I'm getting 2 other files checked that also might be involved

Edited by dvk01, 14 October 2006 - 03:19 AM.

#159
dvk01

Malware Expert, Visiting Consultant, MVP
I am waiting to hear about C:\WINDOWS\SlantAdj.dll but looking at it I doubt if it is connected

This is a downloader component but connected to yummy interactive who appear to be a legitimate company connected to various games
C:\WINDOWS\system32\ymyucl.dll

at first glance I doubt if it is connected either but I'm waiting on full analysis from several antivirus companies just to be sure

#160
playsoldier3

Member, Topic Starter
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rvmjisej

*******************

Script file located at: \??\C:\tpaoxhir.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\CdnFiles.txt deleted successfully.
File C:\WINDOWS\system32\hxvaophg.txt deleted successfully.
File C:\WINDOWS\system32\cdnprot.dat deleted successfully.


File C:\WINDOWS\system32\drivers\cdnprot.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\cdnprot.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\cdnprot.sys
Status: 0xc0000034

File C:\WINDOWS\system32\updata.ini deleted successfully.
File C:\WINDOWS\DUMP568c.tmp deleted successfully.
File C:\WINDOWS\DUMP58be.tmp deleted successfully.
File C:\WINDOWS\DUMP592c.tmp deleted successfully.
File C:\WINDOWS\DUMP5ca6.tmp deleted successfully.
File C:\WINDOWS\DUMP58de.tmp deleted successfully.
File C:\WINDOWS\DUMP58ed.tmp deleted successfully.
File C:\WINDOWS\DUMP594b.tmp deleted successfully.
File C:\WINDOWS\DUMP5c97.tmp deleted successfully.
File C:\WINDOWS\DUMP5ab2.tmp deleted successfully.
File C:\WINDOWS\DUMP5d04.tmp deleted successfully.
File C:\WINDOWS\download.ini deleted successfully.
File C:\WINDOWS\WININIT.INI deleted successfully.
File C:\WINDOWS\system32\inetinfo.exe deleted successfully.


File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VIES21DD not found!
Deletion of file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VIES21DD failed!

Could not process line:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VIES21DD
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 2:36:40, on 2006-10-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\OpenSSL.exe
C:\WINDOWS\system32\inetinfo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [inetinfo] C:\WINDOWS\system32\inetinfo.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156487740671
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#161
playsoldier3

Member, Topic Starter
the cdn and the adware spyware thing seems to be gone :whistling:

#162
dvk01

Malware Expert, Visiting Consultant, MVP
we can't see what is keeping inetinfo installed. It won't be any of your security programs as they all detect it & try to remove it as well

let's see what this shows

download gmer rootkit detector from http://gmer.net/gmer.zip

unzip it & double click the gmer.exe file

select rootkit tab & press scan

when it has finished press save & post back the log it makes

also select the autostarts tab & do the same there

Edited to include the Gmer.zip link.

Edited by JSntgRvr, 14 October 2006 - 11:44 AM.
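
The mismatch dvk01 describes can be checked mechanically by comparing the Avenger deletion log with the HijackThis log taken after the reboot. The following is an added example, not part of the original thread: the sample lines are excerpts of the logs posted above, the function names are hypothetical, and it assumes the HijackThis log was saved after the Avenger run.

```python
import re

# NTSTATUS codes The Avenger prints on failure (only the one seen in this thread).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Excerpt of the Avenger log posted in this thread (sample input).
AVENGER_LOG = r"""
File C:\WINDOWS\system32\cdnprot.dat deleted successfully.
File C:\WINDOWS\system32\drivers\cdnprot.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\cdnprot.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\cdnprot.sys
Status: 0xc0000034

File C:\WINDOWS\WININIT.INI deleted successfully.
File C:\WINDOWS\system32\inetinfo.exe deleted successfully.
"""

# Excerpt of the HijackThis log posted in this thread (sample input).
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\OpenSSL.exe
C:\WINDOWS\system32\inetinfo.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [inetinfo] C:\WINDOWS\system32\inetinfo.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


def parse_avenger(text):
    """Return (deleted_paths, failed) where failed maps path -> status name."""
    deleted, failed = [], {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        m = re.fullmatch(r"File (.+) deleted successfully\.", ln)
        if m:
            deleted.append(m.group(1))
        elif ln == "Could not process line:" and i + 2 < len(lines):
            # The offending script line and its NTSTATUS follow on the next two lines.
            s = re.fullmatch(r"Status: (0x[0-9a-fA-F]+)", lines[i + 2])
            if s:
                code = int(s.group(1), 16)
                failed[lines[i + 1]] = NTSTATUS.get(code, hex(code))
    return deleted, failed


def command_image(cmd):
    """Executable part of a Run-key command: the quoted path, else the raw value."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd


def parse_hjt(text):
    """Return (running_images, autostarts); autostarts are (label, image) pairs."""
    running, autostarts, in_procs = [], [], False
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln == "Running processes:":
            in_procs = True
        elif in_procs and not ln:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            running.append(ln)
        else:
            m = re.fullmatch(r"O4 - (\S+Run): \[(.+?)\] (.+)", ln)
            if m:
                hive, name, cmd = m.groups()
                autostarts.append((f"O4 {hive} [{name}]", command_image(cmd)))
    return running, autostarts


def refers_to(image, path):
    """Case-insensitive match; also accepts an unquoted path followed by arguments."""
    a, b = image.lower(), path.lower()
    return a == b or a.startswith(b + " ")


def find_survivors(avenger_text, hjt_text):
    """Files Avenger reports as deleted that the later HJT log still shows."""
    deleted, _ = parse_avenger(avenger_text)
    running, autostarts = parse_hjt(hjt_text)
    hits = []
    for path in deleted:
        hits += [(path, "running process") for img in running if refers_to(img, path)]
        hits += [(path, label) for label, img in autostarts if refers_to(img, path)]
    return hits


if __name__ == "__main__":
    for path, where in find_survivors(AVENGER_LOG, HJT_LOG):
        print(f"deleted but still present: {path} ({where})")
    for path, status in parse_avenger(AVENGER_LOG)[1].items():
        print(f"not processed: {path} ({status})")
```

A file that shows up here was recreated and relaunched between the deletion and the next scan, which is the situation that prompts the rootkit scan requested in this post.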

#163
dvk01

Malware Expert, Visiting Consultant, MVP
I would also like you to try Ewido/AVGAS as well

* Download the Trial/Demo version of Ewido Anti Spyware. When the trial period expires it becomes freeware with reduced functions but still worth keeping, or you have the option of buying a licence for the full version


EWIDO DOWNLOAD

* Install ewido.
* Launch ewido
* It will prompt you to update; click the OK button and it will go to the main screen
* On the top of the main screen click update
* Click on Start and let it update.
* now boot to safe mode by following advice here http://service1.syma...src=sec_doc_nam
* Now run Ewido:
* Click on scanner, then click on the settings tab, select all options allowed & select recommended actions and set recommended actions to quarantine, then set automatically generate reports after every scan & only if threats were found
* Now press the scan tab. Click the Complete System Scan button to start the scan.
* When the scan is done you will see a list of infected objects (if any found). At the bottom of the list, please click on "recommended action" and choose to Set all Elements to quarantine and check the box "Perform action with all infections".
If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Post back with the ewido scan log

#164
playsoldier3

Member, Topic Starter
I reinstalled windows defender back in, it said the definitions weren't updated so I followed the link to the microsoft website and it gave me advice on how to fix the problem to update the program, but while I was doing it, the computer restarted, and this error came up after it rebooted, anyways I'll get onto the rootkit thing now

#165
playsoldier3

Member, Topic Starter
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-14 20:51:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT 86B58148 ZwAlertResumeThread
SSDT 86B66DF0 ZwAlertThread
SSDT 86CF0E70 ZwAllocateVirtualMemory
SSDT 86AE2368 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 86B50558 ZwCreateMutant
SSDT 871CDBB8 ZwCreateProcess
SSDT 871CF1E8 ZwCreateProcessEx
SSDT 86CFEF98 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 86B76268 ZwFreeVirtualMemory
SSDT 86B567A0 ZwImpersonateAnonymousToken
SSDT 86B56948 ZwImpersonateThread
SSDT 86D79008 ZwMapViewOfSection
SSDT 86B49070 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT 86B79C88 ZwOpenProcessToken
SSDT 86B6F978 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT 86B15E68 ZwQueryValueKey
SSDT 870F8B60 ZwQueueApcThread
SSDT 870F89F8 ZwReadVirtualMemory
SSDT 871C8238 ZwRenameKey
SSDT 86B22D30 ZwResumeThread
SSDT 86B6E208 ZwSetContextThread
SSDT 871CC078 ZwSetInformationKey
SSDT 86B71260 ZwSetInformationProcess
SSDT 86B6E130 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 86B416B0 ZwSuspendProcess
SSDT 86B6D930 ZwSuspendThread
SSDT 86B79CC0 ZwTerminateProcess
SSDT 86B6DA08 ZwTerminateThread
SSDT 86B72238 ZwUnmapViewOfSection
SSDT 86AE64E8 ZwWriteVirtualMemory

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86C5FEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86C5FEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86C5FEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86A930E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86A930E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86C5FEB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86C5FEB0
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_CREATE 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_CLOSE 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_READ 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_WRITE 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_INTERNAL_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_POWER 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_SYSTEM_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000090 IRP_MJ_PNP 86A230E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 869C80E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 869C80E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 869C80E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 869C80E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 869C80E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 869C80E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_CREATE 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_CLOSE 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_READ 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_WRITE 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_INTERNAL_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_POWER 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_SYSTEM_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000091 IRP_MJ_PNP 86A230E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 869C80E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 869C80E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 869C80E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 869C80E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 869C80E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 869C80E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_CREATE 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_CLOSE 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_READ 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_WRITE 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_INTERNAL_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_POWER 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_SYSTEM_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000092 IRP_MJ_PNP 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_CREATE 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_CLOSE 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_READ 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_WRITE 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_INTERNAL_DEVICE_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_POWER 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_SYSTEM_CONTROL 86A230E8
Device \Driver\USBSTOR \Device\00000093 IRP_MJ_PNP 86A230E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 868C39F8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 86A483C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 86A47E90
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 869DEE90
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 86A45988
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 86A45910
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 86A49B80
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 86A49B08
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 86A49A90
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 86A49A18
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 86A30FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 86A30F30
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 86A30EB8
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 86A30E40
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 86979B10
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 86979A98
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 86979A20
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 869799A8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 86979678
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 86979600
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 86979588
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 86979510
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 86979FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 86979F30
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 86979EB8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 86979E40
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 86977A08
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 86977990
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 868C39F8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 86A483C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 86A47E90
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 869DEE90
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 86A45988
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 86A45910
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 86A49B80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 86A49B08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 86A49A90
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 86A49A18
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 86A30FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 86A30F30
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 86A30EB8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 86A30E40
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 86979B10
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 86979A98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 86979A20
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 869799A8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 86979678
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 86979600
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 86979588
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 86979510
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 86979FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 86979F30
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 86979EB8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 86979E40
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 86977A08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 86977990
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_CREATE 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_CLOSE 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_READ 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_WRITE 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_FLUSH_BUFFERS 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_SHUTDOWN 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_POWER 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_SYSTEM_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DR3 IRP_MJ_PNP 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_CREATE 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_CLOSE 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_READ 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_WRITE 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_FLUSH_BUFFERS 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_SHUTDOWN 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_POWER 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_SYSTEM_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 IRP_MJ_PNP 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_CREATE 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_CLOSE 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_READ 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_WRITE 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_FLUSH_BUFFERS 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_SHUTDOWN 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_POWER 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_SYSTEM_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_PNP 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_CREATE 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_CLOSE 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_READ 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_WRITE 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_FLUSH_BUFFERS 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_SHUTDOWN 871D2398
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 IRP_MJ_POWER 871D2398
Device \Driver&#