Famous Smitfraud toolbar !!

Hello :)

OK, don't worry, we'll try another scanner then if AVG doesn't complete. You may continue with the other instructions, but just replace the AVG run with this:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also no need to delete that 57.dll at the moment as Spybot has already quarantined it.
 
after only 30 seconds... it found 1 virus and 8 suspicious objects... it's running... will reply as soon as it finishes.

Hope that the said virus is not too bad !!!

:sick:
 
:mad: same thing :mad:

It just starts perfectly and jams at every .html Photoshop 6.0 help file...

like 1 file every 30 minutes and it has like 50 files so...

can I just scan everything but this help folder ?? ... ... without selecting every program folder ?

maybe if I select all but without the html files... whatever... there are not only html files that jam.

there were 5 viruses and more than 10 objects infected and/or suspicious so I think it's a good thing to scan everything.

Oh... and my Internet is pretty slow sometimes but no more popups... much better... but still something !

Thanks again... haha... and... what can I do !?!?!
 
Hi :)

Maybe you need to give some time for the scanning. It would probably be best to let the scan run at night when you sleep. Just remember to disable any powersaving/autoshutdowns...


We'll try with this scanner then, give it time to run:

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the next icon next to the files found: [image: check.gif]
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot the computer in Normal Mode.
  • Post the Cure-it report and a fresh HijackThis log
 
There it is !


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 15:32:09, on 2007-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hope it did a great job !! ... looks like
 
Hello :)

How is the computer running now?

DrWeb removed or quarantined the found infections, right?
 
no more pop ups... but my Internet is crazy slow... for no reason !!

A technician came to my house to change a connection (outside... there was a connection with water in it... whatever) and only after that I connected my computer to the Internet and scanned it.

Now... It's crazy slow... like... I'm waiting for basic stuff like Google or your forum...

If you have a way to check if there is another virus problem tell me... On my side... I will contact the web company and ask them how my signal is.

:sick:
 
OK in that case we'll need to do some more research....

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.
 
I've erased every "space" character cuz I had like 15X too many characters for this forum... and it was unreadable.

Hope it's fine for you... and about the "please don't select the "show all"... it was already so... tell me what you need and I can rescan it if you want. Or what you don't need.

so....
There it is:
______________________________________________

GMER1.0.13.12551-http://www.gmer.net
Rootkitscan2007-07-0323:48:08
Windows5.1.2600ServicePack2


----System-GMER1.0.13----

SSDTE1DB95F8ZwConnectPort
SSDTsptd.sysZwCreateKey
SSDTsptd.sysZwEnumerateKey
SSDTsptd.sysZwEnumerateValueKey
SSDTsptd.sysZwOpenKey
SSDT\??\C:\ProgramFiles\Grisoft\AVGAnti-Spyware7.5\guard.sysZwOpenProcess
SSDTsptd.sysZwQueryKey
SSDTsptd.sysZwQueryValueKey
SSDTsptd.sysZwSetValueKey
SSDT\??\C:\ProgramFiles\Grisoft\AVGAnti-Spyware7.5\guard.sysZwTerminateProcess

----Kernelcodesections-GMER1.0.13----

?C:\WINDOWS\system32\drivers\sptd.sysTheprocesscannotaccessthefilebecauseitisbeingusedbyanotherprocess.
.textUSBPORT.SYS!DllUnloadF640462C5BytesJMP868F91B8
?System32\Drivers\a2qg05ax.SYSThesystemcannotfindthepathspecified.

----KernelIAT/EAT-GMER1.0.13----

IAT\WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt][F73C0580]sptd.sys
IATpci.sys[ntoskrnl.exe!IoDetachDevice][F73C052C]sptd.sys
IATpci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack][F73DAAB8]sptd.sys
IATatapi.sys[ntoskrnl.exe!IoConnectInterrupt][F73C0580]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_UCHAR][F73ACABA]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT][F73ACC00]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_USHORT][F73ACB82]sptd.sys
IATatapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT][F73AD72E]sptd.sys
IATatapi.sys[HAL.dll!WRITE_PORT_UCHAR][F73AD604]sptd.sys

Device\Driver\Cdrom\Device\CdRom0IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_PNP86987560
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_PNP86B601D8
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_PNP86987560
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_PNP86B5F1D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_PNP86B601D8
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_PNP86987560
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_PNP8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_PNP8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_PNP8664A7E8

AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS
 
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_PNP869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_PNP869A51D8
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE_NAMED_PIPE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CLOSE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_READ86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_WRITE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_FLUSH_BUFFERS86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DIRECTORY_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_FILE_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_INTERNAL_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SHUTDOWN86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_LOCK_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CLEANUP86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE_MAILSLOT86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_POWER86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DEVICE_CHANGE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_PNP86651980
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_PNP869A51D8
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE_NAMED_PIPE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CLOSE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_READ86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_WRITE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_FLUSH_BUFFERS86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DIRECTORY_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_FILE_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_INTERNAL_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SHUTDOWN86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_LOCK_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CLEANUP86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE_MAILSLOT86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_POWER86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DEVICE_CHANGE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_PNP86651980
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_PNP869A51D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_PNP86B601D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_CREATE8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_CLOSE8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_INTERNAL_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_POWER8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_SYSTEM_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_PNP8698E1D8
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_CREATE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_CLOSE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_INTERNAL_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_POWER86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_SYSTEM_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_PNP86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_CREATE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_CLOSE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_INTERNAL_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_POWER86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_SYSTEM_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_PNP86977980
Device\FileSystem\Fastfat\FatIRP_MJ_CREATE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_CLOSE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_READ867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_WRITE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_EA867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_EA867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_FLUSH_BUFFERS867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_DIRECTORY_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_FILE_SYSTEM_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SHUTDOWN867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_LOCK_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_CLEANUP867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_PNP867E5838

AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE_NAMED_PIPE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CLOSE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_READ[F45800D0]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_WRITE[F45803E0]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_FLUSH_BUFFERS[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DIRECTORY_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_FILE_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_INTERNAL_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SHUTDOWN[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_LOCK_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CLEANUP[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE_MAILSLOT[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_POWER[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CHANGE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_QUOTA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_QUOTA[F4580340]SYMEVENT.SYS

Device\FileSystem\Cdfs\CdfsIRP_MJ_CREATE866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_CLOSE866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_READ866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_QUERY_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_SET_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_QUERY_VOLUME_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_DIRECTORY_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_FILE_SYSTEM_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_DEVICE_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_SHUTDOWN866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_LOCK_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_CLEANUP866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_PNP866ED460

----Registry-GMER1.0.13----

Reg\Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version0x360xB00x290x7A...
Reg\Registry\MACHINE\SOFTWARE\MinnetonkaAudioSoftware\SurCodeDolbyDigitalPremiere\Version@Version0x360xB00x290x7A...

----Files-GMER1.0.13----

FileC:\RECYCLER\NPROTECT
FileC:\RECYCLER\NPROTECT\00000000
FileC:\RECYCLER\NPROTECT\00000174.
FileC:\RECYCLER\NPROTECT\00000175.
FileC:\RECYCLER\NPROTECT\00000176.
FileC:\RECYCLER\NPROTECT\00000207.
FileC:\RECYCLER\NPROTECT\00000222.html
FileC:\RECYCLER\NPROTECT\00000243.
FileC:\RECYCLER\NPROTECT\00000244.
FileC:\RECYCLER\NPROTECT\00000296.
FileC:\RECYCLER\NPROTECT\00000297.
FileC:\RECYCLER\NPROTECT\00000301.
FileC:\RECYCLER\NPROTECT\00000315.
FileC:\RECYCLER\NPROTECT\00009280.
FileC:\RECYCLER\NPROTECT\00009331.
FileC:\RECYCLER\NPROTECT\00010052.
FileC:\RECYCLER\NPROTECT\NPROTECT.LOG
FileE:\RECYCLER\NPROTECT
FileE:\RECYCLER\NPROTECT\NPROTECT.LOG
FileF:\RECYCLER\NPROTECT
FileF:\RECYCLER\NPROTECT\NPROTECT.LOG
FileG:\RECYCLER\NPROTECT
FileG:\RECYCLER\NPROTECT\NPROTECT.LOG

----EOF-GMER1.0.13----


3/3 ... had to split !!
 
Hello :)

Ok more research is needed here....

Generate a HijackThis Startup list:
Open HijackThis:
  • Click on "Open the Misc Tools Section"
  • Check the following boxes to the right of "Generate StartupList Log":
    • List also minor sections (Full)
    • List empty sections (Complete)
  • Click "Generate StartupListLog"
  • Click "Yes" at the prompt.
  • A Notepad window will open with the contents of the HijackThis Startup list displayed
  • Copy and paste that log here
 
That's a good idea !!:

There it is !
(in 3 replies again... :sick:)
________

StartupList report, 2007-07-05, 00:04:23
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Benoît Daoust\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
PC Booster = C:\Program Files\inKline Global\PC Booster\pcbooster.exe
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
QMusic2 = "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
StartFoxie = C:\Program Files\Foxie Suite\StartFoxie.exe
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
AcctMgr = C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
 
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Foxie Suite\foxietoolbaru.dll - {432CAE3B-690F-4C3B-BD97-070EBDA210D5}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\Foxie Suite\foxiecoreu.dll - {C65185B1-D52B-44A9-861F-8201B50D1F37}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Symantec Drmc.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: System32\DRIVERS\61883.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
ATM Service: %SystemRoot%\System32\ATMsrvc.exe (disabled)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
AVC Device: System32\DRIVERS\avc.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
NVIDIA Stereo Helper Service: System32\DRIVERS\dumant.sys (system)
3Com 3C2000x EtherLink XL Adapter: System32\DRIVERS\EL2K_XP.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GhostStartService: C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
gmer: System32\DRIVERS\gmer.sys (manual start)
GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech SetPoint Mouse Filter Driver: system32\DRIVERS\LMouKE.Sys (manual start)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
MidiSyn: system32\drivers\MidiSyn.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nVidia WDM Video Capture (universal): system32\DRIVERS\nvcap.sys (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
nVidia WDM TVTuner: system32\DRIVERS\nvtunep.sys (autostart)
nVidia WDM TVAudio Crossbar: system32\DRIVERS\nvtvsnd.sys (autostart)
nVidia WDM A/V Crossbar: system32\DRIVERS\NVxbar.sys (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDdriver: \??\C:\WINDOWS\system32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: System32\DRIVERS\sfloppy.sys (manual start)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
StarWind iSCSI Service: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (autostart)
Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{A1C263A0-43D6-437A-879F-937D69BD1651} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32\drivers\WmBEnum.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Logitech WingMan HID Filter Driver: system32\drivers\WmFilter.sys (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32\drivers\WmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32\drivers\WmXlCore.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
 
--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DF73.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DFB56E.tmp||C:\Documents and Settings\Benoît Daoust\Cookies\index.dat||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DF73.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DFB56E.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\Benoît Daoust\cookies\index.dat||C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\LocalService\cookies\index.dat||C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\NetworkService\cookies\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 42*096 bytes
Report generated in 0,969 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

haha

4 replies finally !! :sick: :sick:
 
QMusic2 = "C:\Program Files\BenQ\QMusic2\QMAgent.exe" ???

something like that is always found in SpyBot S&D ... maybe I'm wrong...
 
:oops: BenQ is okay.. just the Agent thing...

I also very often have the double clip thing... WHATEVER... !!! :lip:
 