Virtumonde & Win32.Bagle.hi (I suppose)



Smarty75
2008-01-19, 17:52
Hi all!!

My AntiVir Personal Edition doesn't work anymore, SpyBot doesn't start, so I don't know what to do!!

Here is my HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 16.40.28, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Music Up\Desktop\gmer\gmer.exe
C:\Documents and Settings\Music Up\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Programmi\StartRight\StartRight.exe" -go
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Programmi\StartRight\StartRight.exe" -pre
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://p463.demo.pixord.com/push04.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120173459437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142636725046
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} (ProfileAccessCtrl Class) - http://p463.demo.pixord.com/access01.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\EPSON\ESM2\eEBSVC.exe
O23 - Service: Fetnffripor - VIA Technologies, Inc. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Smarty75
2008-01-19, 17:55
And here is my GMER report:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-19 16:55:33
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4379166F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915F0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 43791634 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4379157C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916AA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Programmi\internet explorer\iexplore.exe[2512] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 43621676 C:\WINDOWS\system32\IEFRAME.dll

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\SPTD2125.SYS Impossibile accedere al file. Il file è utilizzato da un altro processo.
? C:\WINDOWS\System32\Drivers\dtscsi.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 82395EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 82395EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 823E0808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 823E0808
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1944B10
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1944B10
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1944B10
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823E0A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 821160E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 821160E8

Smarty75
2008-01-19, 17:56
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 820250E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 820250E8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E15A5188
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E15A5188
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E15A5188
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81FA25E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81FA25E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81FA25E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81FA25E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81FA25E0
Device \Driver\00000054 \Device\0000004f IRP_MJ_POWER [F844EA26] sptd.sys
Device \Driver\00000054 \Device\0000004f IRP_MJ_SYSTEM_CONTROL [F8462BD8] sptd.sys
Device \Driver\00000054 \Device\0000004f IRP_MJ_PNP [F845B54E] sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 823950E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 823950E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 821F3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 821F3EB0

Smarty75
2008-01-19, 17:57
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_CREATE 81FA25E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_CLOSE 81FA25E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_INTERNAL_DEVICE_CONTROL 81FA25E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_CLEANUP 81FA25E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7CD8D0F-D972-4E74-9BBA-CC15874011A7} IRP_MJ_PNP 81FA25E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 821C1860
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 821C1860
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823E0A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823E0A40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 820A27D0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 820A27D0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 81FF8EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 81FF8EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 82395EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 82395EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81F9F750
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81F9F750

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F845089E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466D86] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F8450E24] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F8450D28] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F8450EF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F8450EF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F8450E24] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F8450D28] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84661AE] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F8450A5A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F846604A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F84508F2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8443AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8443C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8443B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F844476C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8444642] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466E4A] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F84558C6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F846604A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8466056] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466E4A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F8450CC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F8450CC6] sptd.sys

---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT F82527E4 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT F82527D0 ZwOpenProcess
SSDT F82527D5 ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT F82527DF ZwTerminateProcess
SSDT F82527DA ZwWriteVirtualMemory

---- EOF - GMER 1.0.13 ----