Smitfraud-C.Toolbar888...

Luver

Yeah.. I do also have this shit on my computer :( Grateful for any help you guys can give me because I can't get this off my computer.

Changed Hijackthis name to "rolig"
Here is the Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 05:34:34, on 2007-05-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Winamp\winampa.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\Program\GameFace Messenger\GameFace.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset - (no file)
O23 - Service: Norman ZANDA - Eset - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Hope I did this right!
 
Hello Luver and welcome to the Forums :)

You're infected.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

:bigthumb:
 
VundoFix didn't find anything :S but I post the logs just in case. I did remove some threats with my antivirus program but in the HijackThis log I see: ddaby, fccyaaa, pmkhe, which I know is a virus.

VundoFix log:
VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 17:24:42 2007-05-08

Listing files found while scanning....

No infected files were found.


Beginning removal...

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:36:51, on 2007-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset  - (no file)
O23 - Service: Norman ZANDA - Eset  - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Ok good.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
:bigthumb:
 
thanks for the fast answer :)

Here is the ComboFix log:

"Ludde" - 2007-05-08 20:37:55 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Ludde\Skrivbord\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\drivers\npf.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
-------\NPF


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 17:08 <KAT> d-------- C:\DOCUME~1\Test\APPLIC~1\Talkback
2007-05-08 17:06 786,432 --ah----- C:\DOCUME~1\Test\NTUSER.DAT
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Mallar
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Lokala inst„llningar
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Favoriter
2007-05-07 15:56 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Turbine
2007-05-06 17:17 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-06 17:06 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-06 15:19 512 --a------ C:\ScanSectorLog.dat
2007-05-06 14:56 2,766,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-06 14:56 17,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-06 05:56 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-06 05:55 <KAT> d-------- C:\WINDOWS\Internet Logs
2007-05-06 04:28 335 --a------ C:\WINDOWS\mozregistry.dat
2007-05-06 03:45 <KAT> d-------- C:\VundoFix Backups
2007-05-06 01:58 <KAT> d-------- C:\DOCUME~1\LOCALS~1\Start-meny
2007-05-04 01:16 <KAT> d-------- C:\NVIDIA
2007-05-04 01:09 <KAT> d-------- C:\Program\SystemRequirementsLab
2007-05-04 01:09 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\SystemRequirementsLab
2007-05-03 21:27 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Help
2007-05-03 21:19 <KAT> d-------- C:\Norman
2007-05-03 20:55 10,069 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-05-03 20:55 <KAT> d-------- C:\Program\Advanced Spyware Remover Pro
2007-05-03 19:38 <KAT> d-------- C:\Program\RegCure
2007-05-03 19:33 <KAT> d-------- C:\Program\ParetoLogic
2007-05-03 19:33 <KAT> d-------- C:\Program\Delade filer\ParetoLogic
2007-05-03 19:33 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-05-03 19:27 <KAT> d-------- C:\Program\XoftSpySE
2007-05-03 19:14 <KAT> d-------- C:\Program\SpywareBlaster
2007-05-03 19:10 <KAT> d-------- C:\Program\CA
2007-05-02 13:53 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-29 17:36 <KAT> d-------- C:\Program\DAEMON Tools
2007-04-26 23:02 <KAT> d-------- C:\Program\TibiaCam TV Lite
2007-04-25 23:30 <KAT> d-------- C:\Program\Steam
2007-04-24 22:53 <KAT> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-24 22:50 161,701 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe
2007-04-24 22:50 <KAT> d-------- C:\Program\PowerHEX
2007-04-24 22:50 <KAT> d-------- C:\Program\Delade filer\Thraex Software
2007-04-21 00:17 <KAT> d-------- C:\Program\PlayLogic
2007-04-19 21:51 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\AdobeUM
2007-04-18 19:22 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Wireshark
2007-04-18 19:13 <KAT> d-------- C:\Program\Wireshark
2007-04-18 01:07 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Publish Providers
2007-04-18 01:06 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Sony
2007-04-17 23:56 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-04-17 23:56 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-04-17 23:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-17 11:30 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-04-17 11:28 <KAT> d-------- C:\Program\Vstplugins
2007-04-17 11:28 <KAT> d-------- C:\Program\Sony
2007-04-17 11:26 <KAT> d-------- C:\Program\Sony Setup
2007-04-16 20:49 <KAT> d-------- C:\Program\TechSmith
2007-04-16 20:49 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-04-16 20:44 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 15:17:05 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\dvdcss
2007-05-07 10:23:39 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Hamachi
2007-05-06 14:38:55 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\uTorrent
2007-05-03 19:19:20 -------- d--h--w C:\Program\InstallShield Installation Information
2007-05-01 23:25:17 -------- d-----w C:\Program\BlackD
2007-04-28 13:07:53 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-16 20:52:04 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-16 18:39:18 -------- d-----w C:\Program\DC++
2007-03-31 13:00:37 -------- d--h--r C:\DOCUME~1\Ludde\APPLIC~1\SecuROM
2007-03-31 13:00:36 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-29 18:02:49 -------- d-----w C:\Program\TibiaOT7.6
2007-03-29 11:25:53 407,168 ----a-w C:\WINDOWS\system32\pr2ahqjb.exe
2007-03-27 14:55:27 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-26 17:56:28 62,728 ----a-w C:\WINDOWS\system32\perfc01D.dat
2007-03-26 17:56:28 383,448 ----a-w C:\WINDOWS\system32\perfh01D.dat
2007-03-23 15:24:02 67,762 ----a-w C:\WINDOWS\War3Unin.dat
2007-03-23 15:16:34 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-03-23 15:16:34 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-03-17 13:47:35 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 11:43:01 -------- d-----w C:\Program\PeerGuardian2
2007-03-14 12:09:29 -------- d-----w C:\Program\DVD Decrypter
2007-03-14 08:08:20 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Ahead
2007-03-12 20:28:57 1,265 ----a-w C:\WINDOWS\mozver.dat
2007-03-12 07:41:16 -------- d-----w C:\Program\AGEIA Technologies
2007-03-11 23:16:39 -------- d-----w C:\Program\ASUS WiFi-AP Solo
2007-03-08 15:51:48 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:51:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:51:48 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:49:53 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-03 09:03:09 82,774 ----a-w C:\WINDOWS\Uninstall Jade Empire.exe
2007-03-02 22:26:35 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-03-02 21:57:27 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-02 21:06:28 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-02 20:49:27 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-02 20:23:54 0 --sha-r C:\MSDOS.SYS
2007-03-02 20:23:54 0 --sha-r C:\IO.SYS
2007-03-02 20:23:54 0 ----a-w C:\CONFIG.SYS
2007-03-02 20:23:54 0 ----a-w C:\AUTOEXEC.BAT
2007-03-02 20:20:32 21,700 ----a-w C:\WINDOWS\system32\emptyregdb.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"="C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program\Java\jre1.5.0_11\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CloneCDTray"="\"C:\\Program\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"SoundMAXPnP"="C:\\Program\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Ai Nap"="\"C:\\Program Files\\ASUS\\Ai Nap\\AiNap.exe\""
"Launch Ai Booster"="\"C:\\Program\\ASUS\\Ai Booster\\OverClk.exe\""
"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"
"GameFace Messenger"="C:\\Program\\GameFace Messenger\\GameFace.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"AWMON"="\"C:\\Program\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"isDeleteMe"="\"C:\\WINDOWS\\system32\\cmd.exe\" /c \"C:\\DOCUME~1\\Ludde\\LOKALA~1\\Temp\\isDel.bat\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="C:\Program\ParetoLogic\Anti-Spyware\PASShlExt.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaaa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GameFace Messenger"="C:\\Program\\GameFace Messenger\\GameFace.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Pareto UNS.job
C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
C:\WINDOWS\tasks\ParetoLogic Update.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 20:44:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 20:45:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-08 20:45
 
Hello :)

We'll scan a few files and then continue....

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\pr2ahqjb.exe
Click on Send
Wait for the scan to end.

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\mspriv32.dll
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

:bigthumb:
 
First one:

Complete scanning result of "pr2ahqjb.exe", received in VirusTotal at 05.09.2007, 23:24:56 (CET).

AhnLab-V3 2007.5.10.0 05.09.2007 no virus found
AntiVir 7.4.0.15 05.09.2007 no virus found
Authentium 4.93.8 05.08.2007 no virus found
Avast 4.7.997.0 05.09.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.09.2007 no virus found
CAT-QuickHeal 9.00 05.09.2007 no virus found
ClamAV devel-20070416 05.09.2007 no virus found
DrWeb 4.33 05.09.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3621 05.09.2007 no virus found
Ewido 4.0 05.09.2007 no virus found
FileAdvisor 1 05.09.2007 no virus found
Fortinet 2.85.0.0 05.09.2007 no virus found
F-Prot 4.3.2.48 05.09.2007 no virus found
F-Secure 6.70.13030.0 05.09.2007 no virus found
Ikarus T3.1.1.7 05.09.2007 no virus found
Kaspersky 4.0.2.24 05.09.2007 no virus found
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.09.2007 no virus found
NOD32v2 2255 05.09.2007 no virus found
Norman 5.80.02 05.09.2007 no virus found
Panda 9.0.0.4 05.09.2007 no virus found
Prevx1 V2 05.09.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 no virus found
TheHacker 6.1.6.110 05.08.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.09.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 Win32.Vulnerable.gen!High (suspicious)



Second one:
Complete scanning result of "mspriv32.dll", received in VirusTotal at 05.09.2007, 23:33:02 (CET).

AhnLab-V3 2007.5.10.0 05.09.2007 no virus found
AntiVir 7.4.0.15 05.09.2007 no virus found
Authentium 4.93.8 05.08.2007 no virus found
Avast 4.7.997.0 05.09.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.09.2007 no virus found
CAT-QuickHeal 9.00 05.09.2007 no virus found
ClamAV devel-20070416 05.09.2007 no virus found
DrWeb 4.33 05.09.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3621 05.09.2007 no virus found
Ewido 4.0 05.09.2007 no virus found
FileAdvisor 1 05.09.2007 no virus found
Fortinet 2.85.0.0 05.09.2007 no virus found
F-Prot 4.3.2.48 05.09.2007 no virus found
F-Secure 6.70.13030.0 05.09.2007 no virus found
Ikarus T3.1.1.7 05.09.2007 no virus found
Kaspersky 4.0.2.24 05.09.2007 no virus found
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.09.2007 no virus found
NOD32v2 2255 05.09.2007 no virus found
Norman 5.80.02 05.09.2007 no virus found
Panda 9.0.0.4 05.09.2007 no virus found
Prevx1 V2 05.09.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 no virus found
TheHacker 6.1.6.110 05.08.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.09.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 no virus found
 
Hello :)

We'll continue...

You seem to have some Norman leftovers running. You have uninstalled the program, right? Please run this uninstall tool -> link

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

==================

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable Ad-Aware Ad-Watch realtime protection
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it
    • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both of those boxes.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
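
Added example, not part of the original thread: a small Python checker for the step above, which parses HijackThis entry lines, reports which entries from the fix list are still present in a fresh log, and lists entries whose target is "(no file)". FIX_LIST is copied from the post above; FRESH_LOG is a constructed sample, and the function names are this example's own.

```python
import re
from typing import NamedTuple

# A HijackThis entry line looks like "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")


class Entry(NamedTuple):
    code: str
    body: str

    @property
    def key(self):
        # Forum software changes spacing and logs vary GUID case, so compare
        # on a whitespace-collapsed, lower-cased form.
        return (self.code, " ".join(self.body.split()).lower())


def parse_entries(log_text):
    """Return every HijackThis entry line in log_text as an Entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reports as '(no file)'."""
    return [e for e in entries if e.body.endswith("(no file)")]


def still_present(fix_list_text, fresh_log_text):
    """Entries from the fix list that still appear in the fresh log."""
    fresh = {e.key for e in parse_entries(fresh_log_text)}
    return [e for e in parse_entries(fix_list_text) if e.key in fresh]


# Fix list exactly as given in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
"""

# CONSTRUCTED sample standing in for the fresh log the helper asks for.
# It is not a log from the thread; it reuses the thread's entry formats.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Norman ZANDA - Eset  - (no file)
"""

if __name__ == "__main__":
    print("Fix-list entries still present after the fix:")
    for e in still_present(FIX_LIST, FRESH_LOG):
        print(f"  {e.code} - {e.body}")
    print("Entries pointing at a missing file:")
    for e in orphaned(parse_entries(FRESH_LOG)):
        print(f"  {e.code} - {e.body}")
```
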
 
Done. But I understood wrong how to deal with the threats and they got deleted. I hope it doesn't ruin anything.

AVG Scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:14:34 2007-05-11

+ Scan result:



:mozilla.229:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.435:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.440:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.470:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.471:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.247:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.248:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.249:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.708:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.709:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.254:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.255:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.287:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.691:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.672:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.673:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.674:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.334:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.741:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.370:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.371:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.743:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.372:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.407:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.408:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.712:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.713:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.714:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.715:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.692:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.7:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.9:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.716:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.717:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.465:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.58:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.498:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.499:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.500:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.501:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.502:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.503:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.504:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.646:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.273:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.549:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.550:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.551:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.552:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.553:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.693:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.694:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.719:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.572:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.573:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.574:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.581:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.582:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.612:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.613:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.695:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.630:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.53:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Downloads\zoomed.vegas6.incl.keygen.2006\KEYGEN\SONYkeygen.exe -> Trojan.Pakes.edg : Cleaned.
C:\Downloads\zoomed.vegas6.incl.keygen.2006\zoomed.vegas6.incl.keygen.2006.part01.rar/KEYGEN\SONYkeygen.exe -> Trojan.Pakes.edg : Cleaned.


::Report end


HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:59:09, on 2007-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset - (no file)
O23 - Service: Norman ZANDA - Eset - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Hello :)

That is OK... Did you run the Norman uninstaller?


Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.
 
About the Norman stuff, I did download the uninstaller and it did say Norman got uninstalled. The reason it's there is that I tried it and it sucked, and when I was going to remove it, it didn't want to, so I started to delete the folders in anger :)

Anyway, here's the GMER log:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-11 21:50:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver

INT 0x20 srescan.sys F70B09D0

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 80503B28 12 Bytes [ F0, C1, 41, BA, 80, 24, 42, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Det går inte att komma åt filen eftersom den
används av en annan process.
? srescan.sys Det går inte att hitta filen.
.text USBPORT.SYS!DllUnload F6BF27AE 5 Bytes JMP 86179780
? System32\Drivers\aqdqkkpe.SYS Det går inte att hitta filen.
? C:\WINDOWS\system32\DRIVERS\update.sys
.text ntkrnlpa.exe!ZwYieldExecution + 31F4 80503B28 12 Bytes [ F0, C1, 41, BA, 80, 24, 42, ... ]

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1896] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ]
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollInfo 7E369046 7 Bytes JMP 01C8B7C6 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollInfo 7E3717D8 7 Bytes JMP 01C8B74E C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!ShowScrollBar 7E37F2E7 5 Bytes JMP 01C8B84A C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollPos 7E37F6F4 5 Bytes JMP 01C8B776 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollPos 7E37F740 5 Bytes JMP 01C8B7F1 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollRange 7E37F777 5 Bytes JMP 01C8B79B C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollRange 7E37F98B 5 Bytes JMP 01C8B81C C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!EnableScrollBar 7E3B7F55 7 Bytes JMP 01C8B726 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\MSN Messenger\msnmsgr.exe[2828] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004DE392 C:\Program\MSN Messenger\MsnMsgr.Exe

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865A01E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_PNP 8510A1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8613C1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865311E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 861321E8


Continued in next post~
 
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 861321E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE_NAMED_PIPE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CLOSE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_READ [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_WRITE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_EA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_EA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_FLUSH_BUFFERS [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_VOLUME_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_VOLUME_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DIRECTORY_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_FILE_SYSTEM_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DEVICE_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SHUTDOWN [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_LOCK_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CLEANUP [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE_MAILSLOT [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_SECURITY [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_SECURITY [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_POWER [F72AE712] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SYSTEM_CONTROL [F72D12C8] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DEVICE_CHANGE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_QUOTA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_QUOTA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_PNP [F72D2238] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865A31E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 861261E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 865A21E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_INFORMATION 865301E8
 
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_PNP 865301E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_PNP 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8510A1E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_PNP 8510A1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8613C1E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 861321E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 865301E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 850FE1E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 865301E8
 
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 865301E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 850FE1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 865301E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865A31E8
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_CREATE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_CLOSE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_POWER 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_SYSTEM_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_PNP 861157A0
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_CREATE 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_CLOSE 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_DEVICE_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_POWER 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_SYSTEM_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_PNP 865A11E8
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_CREATE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_CLOSE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_POWER 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_PNP 861157A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 850FA1E8

---- EOF - GMER 1.0.12 ----
 
Hello and sorry for the delay :)

We'll do some research....

Generate a HijackThis Startup list:
Open HijackThis:
  • Click on "Open the Misc Tools Section"
  • Check the following boxes to the right of "Generate StartupList Log":
    • List also minor sections (Full)
    • List empty sections (Complete)
  • Click "Generate StartupListLog"
  • Click "Yes" at the prompt.
  • A Notepad window will open with the contents of the HijackThis Startup list displayed
  • Copy & Paste that log to here

:bigthumb:
 
No problem man, you're helping me to get rid of these bastards :).
Btw, at the Steamapps I changed my account to ******@yahoo.com, don't want it published etc.
And I always thought "nwiz = nwiz.exe /install" was something suspicious, I don't know what it is.

Anyway, here's the log:

StartupList report, 2007-05-13, 23:32:28
StartupList version: 1.52.2
Started from : C:\Program Files\rolig\rolig.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Steam\Steam.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
c:\program\steam\steamapps\********@yahoo.com\counter-strike\hl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ASUS WiFi-AP Solo.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CloneCDTray = "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
WinampAgent = C:\Program\Winamp\winampa.exe
Adobe Photo Downloader = "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe
SoundMAX = "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
Ai Nap = "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
Launch Ai Booster = "C:\Program\ASUS\Ai Booster\OverClk.exe"
nod32kui = "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
GameFace Messenger = C:\Program\GameFace Messenger\GameFace.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
ASUS SmartDoctor = C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
AWMON = "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Pareto UNS.job
ParetoLogic Anti-Spyware.job
ParetoLogic Update.job
RegCure Program Check.job
RegCure.job
XoftSpySE 2.job
XoftSpySE.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 5 477 bytes
Report generated in 0,016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Hello :)

You didn't checkmark these 2 options before creating the log:
* List also minor sections (Full)
* List empty sections (Complete)

Please try again
 
Hmm, I'm pretty sure I did check those 2 options.
Another try, hope this is right :).

The log:
StartupList report, 2007-05-14, 16:51:10
StartupList version: 1.52.2
Started from : C:\Program Files\rolig\rolig.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Winamp\winamp.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ASUS WiFi-AP Solo.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CloneCDTray = "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
WinampAgent = C:\Program\Winamp\winampa.exe
Adobe Photo Downloader = "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe
SoundMAX = "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
Ai Nap = "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
Launch Ai Booster = "C:\Program\ASUS\Ai Booster\OverClk.exe"
nod32kui = "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
GameFace Messenger = C:\Program\GameFace Messenger\GameFace.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
ASUS SmartDoctor = C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
AWMON = "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Pareto UNS.job
ParetoLogic Anti-Spyware.job
ParetoLogic Update.job
RegCure Program Check.job
RegCure.job
XoftSpySE 2.job
XoftSpySE.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 5 507 bytes
Report generated in 0,015 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Hmm we need another tool then....

Make a new folder in the C:\ drive called silentrunners
Download 'Silent Runners' from here: (direct download)
http://www.silentrunners.org/Silent Runners.vbs
Save it to your silentrunners folder.

Click Start > Run > type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter

Wait until it pops up saying it's completed, then post the resulting logfile here.
It will be very large. You may need several posts to include everything.
 
Oh yeah, a lot of text

The Silentrunners log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ASUS SmartDoctor" = "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start" ["ASUSTeK Inc."]
"AWMON" = ""C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"CloneCDTray" = ""C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"WinampAgent" = "C:\Program\Winamp\winampa.exe" [null data]
"Adobe Photo Downloader" = ""C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SoundMAXPnP" = "C:\Program\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"Ai Nap" = ""C:\Program Files\ASUS\Ai Nap\AiNap.exe"" [null data]
"Launch Ai Booster" = ""C:\Program\ASUS\Ai Booster\OverClk.exe"" [null data]
"nod32kui" = ""C:\Program\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"GameFace Messenger" = "C:\Program\GameFace Messenger\GameFace.exe" ["AceGain Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SnagIt Toolbar Loader"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Egenskapsförteckning för multimediefiler"
-> {HKLM...CLSID} = "Egenskapsförteckning för multimediefiler"
\InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Hantering av ICM-skanner"
-> {HKLM...CLSID} = "Hantering av ICM-skanner"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS-säkerhetssida"
-> {HKLM...CLSID} = "Shell-tillägg för säkerhet"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Egenskapssida för OLE-dokumentfiler"
-> {HKLM...CLSID} = "Egenskapssida för OLE-dokumentfiler"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Shell-tillägg för delning"
-> {HKLM...CLSID} = "Shell-tillägg för delning"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmskort"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärmskort"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärm"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärm"
\InProcServer32\(Default) = "deskmon.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmspanorering"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärmspanorering"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS-säkerhetssida"
-> {HKLM...CLSID} = "Shell-tillägg för säkerhet"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Kompatibilitetssida"
-> {HKLM...CLSID} = "Kompatibilitetssida"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell Scrap DataHandler"
-> {HKLM...CLSID} = "Shell Scrap DataHandler"
\InProcServer32\(Default) = "shscrap.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Diskkopiering - tillägg"
-> {HKLM...CLSID} = "Diskkopiering - tillägg"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Shell-tillägg för Microsoft Windows Network-objekt"
-> {HKLM...CLSID} = "Shell-tillägg för Microsoft Windows Network-objekt"
\InProcServer32\(Default) = "ntlanui2.dll" [MS]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Hantering av ICM-bildskärm"
-> {HKLM...CLSID} = "Hantering av ICM-bildskärm"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Hantering av ICM-skrivare"
-> {HKLM...CLSID} = "Hantering av ICM-skrivare"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Shell-tillägg för webbutskrift"
-> {HKLM...CLSID} = "Shell-tillägg för webbutskrift"
\InProcServer32\(Default) = "printui.dll" [MS]
 