
Thread: smitfraud-c Toolbar 888

  1. #21
    Member
    Join Date
    May 2007
    Posts
    32


    Hi.

    I killed those files too. I'm still finding the occasional ad window open, and Spybot and AVG are still giving a large number of hits.

    Kaspersky:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, May 23, 2007 6:41:26 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 23/05/2007
    Kaspersky Anti-Virus database records: 328229
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 80703
    Number of viruses found: 2
    Number of infected objects: 1
    Number of suspicious objects: 1
    Duration of the scan process: 01:12:52

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04082007-213105.log Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\History\History.IE5\MSHist012007052320070524\index.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Temp\Perflib_Perfdata_7fc.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\23WF7RTU\in[1].htm Infected: Trojan-Downloader.JS.Psyme.cz skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\ALW0HH9H\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
    C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Cathy Wolf\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP16\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9566A94E-28CE-46BB-8D9A-8B3F027A8B5A}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{8834CF05-D936-440E-B805-57F5BDA6BB52}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:48:26 PM, on 5/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\kill button\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\temp\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - Startup: Shortcut to pccguide.lnk = C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

  2. #22
    Member
    Join Date
    May 2007
    Posts
    32


    I went ahead and installed SpywareBlaster; I'll see if that helps.

  3. #23
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    Empty Internet Explorer's temporary internet files.

    Well, then post the AVG report and the Spybot report if those hits still occur.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #24
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Due to lack of feedback this topic has been archived.

    If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #25
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Re-opened upon request.

  6. #26
    Member
    Join Date
    May 2007
    Posts
    32


    Hi.

    Sorry for the long delay. I've been monitoring the computer for the past week with mixed results (this is with SpywareBlaster activated). At first it looked like there were no longer random ad pop-ups, but ads started popping up again; on two occasions it even caused the computer to freeze such that it had to be restarted. AVG and Spybot still consistently have a decent number of results, though they all seem to be tracking cookies. The tracking cookies don't sound like they're a real problem. Hopefully you still have some ideas for getting rid of the ad windows.

    Spybot:

    HitBox
    K2L
    Win32.Agent.amr
    ZQest.K8L

    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:22:23 AM 6/1/2007

    + Scan result:



    [564] VM_01DE0000 -> Adware.NaviPromo : Cleaned.
    C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.


    ::Report end

  7. #27
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi


    Download Blacklight Beta from here:
    https://europe.f-secure.com/exclude/...ht/index.shtml
    * Hit "I accept". It will take you to the download page.
    * Download fsbl.exe and save it to C:\
    * Once saved, double-click fsbl.exe to install the program.
    Go to Start-->Run, copy in the following text and press Enter:
    C:\fsbl.exe /expert
    (space between fsbl.exe and /expert)

    Accept the agreement and leave [X] "Scan through Windows Explorer" checked.
    Click Scan, then Next.
    You'll see a list of all items found.
    Don't do anything else right now.
    There will be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
    Copy and paste the contents of this log into your next reply.

  8. #28
    Member
    Join Date
    May 2007
    Posts
    32


    Hi.

    Here are the results:

    06/01/07 17:55:50 [Info]: BlackLight Engine 1.0.61 initialized
    06/01/07 17:55:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    06/01/07 17:55:50 [Note]: 7019 4
    06/01/07 17:55:50 [Note]: 7005 0
    06/01/07 17:56:19 [Note]: 7006 0
    06/01/07 17:56:19 [Note]: 7022 0
    06/01/07 17:56:19 [Note]: 7011 1848
    06/01/07 17:56:20 [Note]: 7026 0
    06/01/07 17:56:20 [Note]: 7026 0
    06/01/07 17:56:23 [Note]: FSRAW library version 1.7.1021
    06/01/07 18:01:05 [Note]: 2000 1012
    06/01/07 18:01:05 [Note]: 2000 1012
    06/01/07 18:01:05 [Note]: 2000 1012

  9. #29
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    Let's do a doublecheck because of this:

    [564] VM_01DE0000 -> Adware.NaviPromo : Cleaned.

    * Download GMER from here:
    * Unzip it and start GMER.exe
    * Click the Rootkit tab and click Scan.

    Once done, click the Copy button.
    This will copy the results to clipboard.
    Paste the results in your next reply.

  10. #30
    Member
    Join Date
    May 2007
    Posts
    32


    Hi

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2007-06-02 16:51:09
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT sptd.sys ZwCreateKey
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.12 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F6A4A68E 5 Bytes JMP 866421B8
    ? C:\WINDOWS\system32\DRIVERS\update.sys

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F205 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 4309FF9F C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 4309FF20 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 4309FF64 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 4309FEAC C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 4309FEE6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 4309FFDA C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F315D2 C:\WINDOWS\system32\IEFRAME.dll

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867CF1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867CF1D8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 85B24990
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 85B24990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86625990
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86625990
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8
    Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867681D8
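An added triage helper for logs in the shape of the GMER output above (not part of this thread and not GMER's own tooling): it parses the System, Kernel code sections and User code sections blocks, lists which driver owns each SSDT hook, records driver images GMER could not read, and flags inline JMPs whose destination GMER did not attribute to any module, which is the line a helper reviewing the log asks about first. The regexes assume the GMER 1.0.12 line layout; the sample lines are constructed from the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the GMER 1.0.12 log above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6A4A68E 5 Bytes JMP 866421B8
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F205 C:\WINDOWS\system32\IEFRAME.dll
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "SSDT <module path or name> Zw<Service>"
SSDT_RE = re.compile(r"^SSDT (?P<module>.+) (?P<func>Zw\w+)$")
# ".text [<process>[pid]] <module>!<export> <addr> <n> Bytes JMP <target> [<target module>]"
INLINE_RE = re.compile(
    r"^\.text (?:(?P<process>.+?\[\d+\]) )?(?P<module>\S+)!(?P<func>\w+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<target_module>.+))?$"
)
# "? <driver image> <reason GMER could not read it>"
UNREADABLE_RE = re.compile(r"^\? (?P<path>.+?\.(?:sys|dll|exe))(?: |$)", re.I)


def module_name(raw):
    """Reduce '\\??\\C:\\...\\guard.sys' or 'sptd.sys' to the bare file name."""
    return raw.split("\\")[-1]


def triage(log_text):
    """Parse a GMER log and return SSDT owners, inline hooks, unreadable images and flags."""
    ssdt, inline, unreadable, section = defaultdict(list), [], [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line:
            continue
        m = SSDT_RE.match(line)
        if m:
            ssdt[module_name(m.group("module"))].append(m.group("func"))
            continue
        m = INLINE_RE.match(line)
        if m:
            hook = m.groupdict()
            hook["section"], hook["size"] = section, int(hook["size"])
            # GMER prints the owning module after the JMP target when it can map it;
            # a bare address means the hook lands in code GMER could not attribute.
            hook["attributed"] = hook["target_module"] is not None
            inline.append(hook)
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            unreadable.append(m.group("path"))
    flagged = [h for h in inline if not h["attributed"]]
    return {"ssdt": dict(ssdt), "inline": inline, "unreadable": unreadable, "flagged": flagged}


def report(result):
    """Render the triage result as short lines a helper can scan quickly."""
    out = []
    for mod, funcs in sorted(result["ssdt"].items()):
        out.append(f"SSDT: {mod} hooks {len(funcs)} service(s): {', '.join(funcs)}")
    for h in result["inline"]:
        where = h["target_module"] or "<no module at target>"
        out.append(f"{h['section']}: {h['module']}!{h['func']} -> {h['target']} ({where})")
    for path in result["unreadable"]:
        out.append(f"unreadable driver image: {path}")
    for h in result["flagged"]:
        out.append(f"FLAG: {h['module']}!{h['func']} jumps to unattributed address {h['target']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

In the log above the SSDT entries resolve to sptd.sys (the driver installed with DAEMON Tools, which the HijackThis log shows in its Run key) and to AVG Anti-Spyware's guard.sys, while the USBPORT.SYS!DllUnload jump to a bare address is the one entry the parser flags for the helper's attention.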
