Virtumonde infection, please help

Hello.

As of now, we've got a lot of problems and tools won't even work so we'll give it a go manually.

I would need you to do this first.

Download Gmer
  • Disconnect from internet and close running programs.
  • There is a small chance this application may crash your computer so save any work you have open.
  • Double click gmer.exe
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
  • If no warning....
  • Click "Rootkit" tab and click "Scan"
  • Once done, click "Copy"
  • Open Notepad and hit "ctrl+v" to paste the log.
  • Reconnect to the internet and post the log back to this thread please.
 
It keeps restarting with the blue screen of death at a certain point in the scan. The error message is

0X0000000000000BE

or something like that.

I stopped the scan as close to the point of restart as possible. This is what I got so far:


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-30 17:39:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3037.SYS The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\xpdx.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\Explorer.EXE[368] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[520] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[520] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[520] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[520] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\hphmon03.exe[576] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\hphmon03.exe[576] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\hphmon03.exe[576] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\hphmon03.exe[576] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Messenger\msmsgs.exe[616] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\Messenger\msmsgs.exe[616] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\Messenger\msmsgs.exe[616] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\Messenger\msmsgs.exe[616] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\AIM\aim.exe[624] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\AIM\aim.exe[624] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\AIM\aim.exe[624] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\AIM\aim.exe[624] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\lsass.exe[904] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\system32\lsass.exe[904] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\system32\lsass.exe[904] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\system32\lsass.exe[904] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\dwwin.exe[1148] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\dwwin.exe[1148] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\dwwin.exe[1148] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\dwwin.exe[1148] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\Documents and Settings\Mike\Desktop\gmer\gmer.exe[1252] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Documents and Settings\Mike\Desktop\gmer\gmer.exe[1252] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1588] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1588] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1588] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1588] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750BDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752171E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F750C3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F750C2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F750C482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F750C482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F750C3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F750C2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F750BF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7520C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750BE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74FEA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74FEB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74FEAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74FF6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74FF5A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7510F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7520C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7520C82] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F74FE020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F74FE020] sptd.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F78110B7] xpdx.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 87396EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN
 
IRP_MJ_CLOSE F79CFCFE
Device \Driver\Aspi32 \Device\MbMmDp32 IRP_MJ_DEVICE_CONTROL F79D0732
Device \Driver\Aspi32 \Device\MbMmDp32 IRP_MJ_CLEANUP F79CFCCC
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86F49448
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86F49448
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86BAEEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86BAEEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86BAEEB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86BAEEB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86BAEEB0
Device \Driver\00000101 \Device\0000004d IRP_MJ_POWER [F7509EA8] sptd.sys
Device \Driver\00000101 \Device\0000004d IRP_MJ_SYSTEM_CONTROL [F751DA70] sptd.sys
Device \Driver\00000101 \Device\0000004d IRP_MJ_PNP [F7516728] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CREATE 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CLOSE 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_INTERNAL_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CLEANUP 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_PNP 86BAEEB0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_CREATE B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_CREATE_NAMED_PIPE B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_CLOSE B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_WRITE B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_QUERY_INFORMATION B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SET_INFORMATION B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_QUERY_EA B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SET_EA B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_FLUSH_BUFFERS B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_QUERY_VOLUME_INFORMATION B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SET_VOLUME_INFORMATION B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_DIRECTORY_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_FILE_SYSTEM_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_DEVICE_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_INTERNAL_DEVICE_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SHUTDOWN B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_LOCK_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_CLEANUP B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_CREATE_MAILSLOT B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_QUERY_SECURITY B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SET_SECURITY B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_POWER B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SYSTEM_CONTROL B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_DEVICE_CHANGE B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_QUERY_QUOTA B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_SET_QUOTA B9558447
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_PNP B9558447

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F781E2C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F781E8E6] aswTdi.SYS

Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CREATE 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CLOSE 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_INTERNAL_DEVICE_CONTROL 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CLEANUP 86BAEEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_PNP 86BAEEB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 873960E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 873960E8

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F781E2C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F781E8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F781E8E6] aswTdi.SYS

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86D5FA40
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86D5FA40
Device \Driver\symlcbrd \Device\SymantecBiosReader IRP_MJ_CREATE F79DF048
Device \Driver\symlcbrd \Device\SymantecBiosReader IRP_MJ_CLOSE F79DF048
Device \Driver\symlcbrd \Device\SymantecBiosReader IRP_MJ_DEVICE_CONTROL F79DF068
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86BE5A70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86BE5A70
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 87397C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 87397C78
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_CREATE B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_CREATE_NAMED_PIPE B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_CLOSE B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_READ B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_WRITE B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_QUERY_INFORMATION B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SET_INFORMATION B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_QUERY_EA B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SET_EA B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_FLUSH_BUFFERS B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_QUERY_VOLUME_INFORMATION B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SET_VOLUME_INFORMATION B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_DIRECTORY_CONTROL B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_FILE_SYSTEM_CONTROL B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_DEVICE_CONTROL B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_INTERNAL_DEVICE_CONTROL B936F2C0
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SHUTDOWN B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_LOCK_CONTROL B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_CLEANUP B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_CREATE_MAILSLOT B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_QUERY_SECURITY B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SET_SECURITY B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_POWER B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SYSTEM_CONTROL B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_DEVICE_CHANGE B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_QUERY_QUOTA B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_SET_QUOTA B936F314
Device \Driver\aswRdr \Device\ASWRDR IRP_MJ_PNP B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_CREATE B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_CREATE_NAMED_PIPE B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_CLOSE B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_READ B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_WRITE B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_QUERY_INFORMATION B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SET_INFORMATION B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_QUERY_EA B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SET_EA B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_FLUSH_BUFFERS B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_QUERY_VOLUME_INFORMATION B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SET_VOLUME_INFORMATION B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_DIRECTORY_CONTROL B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_FILE_SYSTEM_CONTROL B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_DEVICE_CONTROL B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL B936F2C0
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SHUTDOWN B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_LOCK_CONTROL B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_CLEANUP B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_CREATE_MAILSLOT B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_QUERY_SECURITY B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SET_SECURITY B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_POWER B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SYSTEM_CONTROL B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_DEVICE_CHANGE B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_QUERY_QUOTA B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_SET_QUOTA B936F314
Device \Driver\aswRdr \Device\AswRdrTcpFilter IRP_MJ_PNP B936F314
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 86CFC0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 86CFC0E8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_CREATE 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_CLOSE 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_DEVICE_CONTROL 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_INTERNAL_DEVICE_CONTROL 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_POWER 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_SYSTEM_CONTROL 873974D0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_PNP 873974D0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86CEAEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 86CEAEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86ED6928
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86ED6928

---- EOF - GMER 1.0.13 ----


I will try to scan in safe mode when I get back from class.
 
Tried in safe mode and exact same thing.

I also tried locating the value in registry that the system seems to restart on (0Controls), but I could not find that value anywhere in the registry.
 
Hi,

I also tried locating the value in registry that the system seems to restart on (0Controls), but I could not find that value anywhere in the registry.

I suggest that you don't go to the registry on your own...One little mistake and your computer will be busted..

Having said that, before all this started, have you been tampering with your registry?

Also, is your Avast! updated?
==========

You may want to print these instructions or save them in notepad for reference.


You have remnants of Norton AntiVirus in your system..Please run the tool HERE to clean all the leftovers of your Norton Antivirus..

*Uninstall the items in bold if found:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Trymedia


*A few optionals that I would recommend be uninstalled.

Azureus
LimeWire PRO 4.14.8

These programs are very likely the reason your system is infested with malware. Even when programs like these are not infected themselves, they will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove these programs from your system.

Viewpoint Media Player

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.

Full Tilt Poker
Paradise Poker
PartyPoker
Holdem Bot vNEURAL 1.3
Web Buying

I recommend that if you do not use these poker related programs, you uninstall them because these programs serve as vectors for malware to enter your system. You do have pokerstars installed and it is the safest alternative if you want to play poker.

Virtual Hottie 2
Do you use this program or did you install it intentionally? If so, you can leave it there.

*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

*Reboot
________

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: (no name) - {eb89e365-71df-4d4f-8708-04a5b1b8f2d2} - C:\WINDOWS\system32\iseltjy.dll
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\winlogon.exe
O4 - HKLM\..\Run: [ShareSearcher] c:\jnkk.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Xbfspkmh] "C:\Documents and Settings\Mike\My Documents\?ymantec\d?xplore.exe"
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.2\webbuying.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKUS\S-1-5-18\..\Run: [Cwap] "C:\WINDOWS\system32\TSKS~1\logonui.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Govqdqvj] C:\WINDOWS\system32\s?stem\??rvices.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cwap] "C:\WINDOWS\system32\TSKS~1\logonui.exe" -vt yazb (User 'Default user')
O20 - Winlogon Notify: hgghfcb - hgghfcb.dll (file missing)
O20 - Winlogon Notify: winlbi32 - winlbi32.dll (file missing)
O21 - SSODL: vHdaxqUCGS - {CCCC9172-6666-3BD8-53BE-3384AFFC4B8B} - C:\WINDOWS\system32\oimp.dll (file missing)


Did you use spybot to set this policy? If so, do not fix it:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Fix the following if you uninstalled party poker:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)


Fix the following if you uninstalled poker.com

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\WINDOWS\system32\oimp.dll
C:\WINDOWS\system32\hgghfcb.dll
C:\WINDOWS\system32\winlbi32.dll
C:\WINDOWS\9129837.exe
C:\Program Files\Web Buying
C:\WINDOWS\retadpu1000106.exe
c:\jnkk.exe
C:\WINDOWS\ServicePackFiles\winlogon.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\iseltjy.dll
C:\VundoFix Backups
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\tmp375203.bat
C:\WINDOWS\system32\ezhfjf32.dll
C:\WINDOWS\system32\Setup155.exe
C:\WINDOWS\TWlrZQ
C:\WINDOWS\system32\tmps7
C:\WINDOWS\system32\ICM23
C:\WINDOWS\system32\dllsz
C:\WINDOWS\system32\cofig1
C:\WINDOWS\system32\f03WtR
C:\Temp
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\uni_eh44.exe
C:\WINDOWS\uninst1014.exe
C:\WINDOWS\system32\xpdx.sys
C:\Program Files\Norton AntiVirus
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec
  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the program.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
  • Post the log back here please.
_____

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

Configure your machine to view hidden files:

Windows XP
  • Click Start.
  • Open My Computer..
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the "Hidden files and folders" heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.


*Using Windows explorer, delete the following folders:

C:\WINDOWS\system32\s?stem
C:\Documents and Settings\Mike\My Documents\?ymantec
C:\Documents and Settings\LocalService\Application Data\??crosoft
C:\Documents and Settings\NetworkService\Application Data\?ymbols
C:\WINDOWS\system32\T?sks
C:\Documents and Settings\NetworkService\Application Data\?ymbols

*Note: The ? in the folder paths means that they can be any alphanumeric character. Most of the time, those subfolders are in the end of the list of each parent folder.

C:\WINDOWS\system32\TSKS~1 <<This folder's name starts with TSK
______

*Delete the following folders if you uninstalled their corresponding programs.

C:\Program Files\Poker.com
C:\Program Files\PartyGaming.Net
C:\Program Files\Holdem Bot
C:\Program Files\Virtual Hottie 2
C:\Program Files\Paradise Poker
C:\Program Files\Full Tilt Poker
C:\Program Files\Viewpoint
C:\Program Files\Limewire
C:\Documents and Settings\Mike\Application Data\LimeWire
C:\Program Files\Azureus
C:\Documents and Settings\Mike\Application Data\Azureus

*Do you know what this folder is:

C:\-859008655

If not, double click the folder and see if there's a file inside. If there are any, right click on the file/s > properties and see if you can get any info on their vendors. If the folder appears to be empty, you can safely delete it.

Empty your recycle bin.

Reboot to normal mode.
_______

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
______

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u2, and install it to your computer.
_______

As your system has been infected with bots and we can't use SDFix to see what damage it has done to your registry, we need to dig them up manually.

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type revealbot.bat in the File name and save it to your desktop.

Code:
@echo off
REM Export the registry keys listed below and merge them into one text file.
REM cd /d also switches drive if the script is started from another drive.
cd /d %systemdrive%\
If not exist lsafiles MkDir lsafiles
REM regedit /e writes each export as Unicode (UTF-16) text.
regedit /e lsafiles\1.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
regedit /e lsafiles\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /e lsafiles\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /e lsafiles\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /e lsafiles\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
REM regedit /a writes this one export as ANSI text.
regedit /a lsafiles\6.txt HKEY_USERS\.DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /e lsafiles\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
regedit /e lsafiles\8.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr"
Regedit /e lsafiles\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /e lsafiles\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /e lsafiles\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
Regedit /e lsafiles\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /e lsafiles\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
regedit /e lsafiles\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess
regedit /e lsafiles\15.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
regedit /e lsafiles\16.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /e lsafiles\17.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
regedit /e lsafiles\18.txt "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"
regedit /e lsafiles\19.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\systemrestore"
regedit /e lsafiles\20.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc
regedit /e lsafiles\21.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TlntSvr
regedit /e lsafiles\22.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
regedit /e lsafiles\23.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
regedit /e lsafiles\24.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
regedit /e lsafiles\26.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter"
regedit /e lsafiles\27.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\ExclusionList"
REM reg query output is ANSI as well, so lsa.txt mixes two encodings and
REM Notepad may show part of it as garbled characters.
reg query "hklm\SYSTEM\CurrentControlSet\Control" /v "WaitToKillServiceTimeout" > %systemdrive%\lsafiles\25.txt

REM Merge the exports into lsa.txt, remove the work folder and show the result.
Copy lsafiles\*.txt %systemdrive%\lsa.txt
rmdir /s /q lsafiles
Notepad %systemdrive%\lsa.txt
exit

Locate revealbot.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.
______

Download RegSearch Tool by Bobbi Flekman

Unzip it to your desktop

In the search box, enter the keyword below & click "Ok".

xpdx

Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply along with a fresh HijackThis log.
____

On your next reply, please include a
  • Fresh HijackThis log.
  • Superantispyware log.
  • revealbot.bat results
  • OTmoveit log.
  • regsearch results.
  • a new gmer log. (Don't worry about it BSOD'ing..It looks like it finished scanning anyway)
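
Added example, not part of the original post and not the helper's own tooling: the exports that revealbot.bat collects store most paths as hex(2)/hex(7) UTF-16LE data, so this Python sketch decodes a .reg export and lists settings that suppress Security Center alerts or open the XP firewall. The sample text, the ExampleSvc service and the C:\example paths are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the .reg text format that "regedit /e" writes. The key
# layout follows the exports revealbot.bat collects; names and values are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,65,00,78,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\example\\app.exe"="C:\\example\\app.exe:*:Enabled:Example"
"C:\\example\\off.exe"="C:\\example\\off.exe:*:Disabled:Off"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
SERVICE_START = {0: 'boot', 1: 'system', 2: 'automatic', 3: 'manual', 4: 'disabled'}


def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python object."""
    if raw.startswith('"'):
        return unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    if m.group(1) in ('1', '2'):        # REG_SZ / REG_EXPAND_SZ as UTF-16LE
        return data.decode('utf-16-le', 'replace').rstrip('\x00')
    if m.group(1) == '7':               # REG_MULTI_SZ: NUL-separated strings
        return [s for s in data.decode('utf-16-le', 'replace').split('\x00') if s]
    return data                         # REG_BINARY and other types stay as bytes


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r',\\\r?\n[ \t]*', ',', text)   # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            current[name] = decode_value(m.group(2))
    return keys


def service_summary(keys):
    """Map service name to (start type, ImagePath) for top-level service keys."""
    out = {}
    for path, values in keys.items():
        m = re.search(r'\\Services\\([^\\]+)$', path, re.IGNORECASE)
        if m and 'Start' in values:
            start = SERVICE_START.get(values['Start'], 'unknown')
            out[m.group(1)] = (start, values.get('ImagePath', ''))
    return out


def review(keys):
    """List settings that weaken Security Center alerts or the XP firewall."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.endswith('\\microsoft\\security center'):
            for name, val in values.items():
                if name.lower().endswith(('disablenotify', 'override')) and val:
                    findings.append(f'Security Center alert suppressed: {name}={val}')
        elif low.endswith(('\\firewallpolicy\\standardprofile',
                           '\\firewallpolicy\\domainprofile')):
            if values.get('EnableFirewall') == 0:
                findings.append('Firewall disabled in ' + path.rsplit('\\', 1)[1])
        elif low.endswith('\\authorizedapplications\\list'):
            for val in values.values():
                # Data is path:scope:Enabled|Disabled:name; split from the right
                # because the path itself contains a drive-letter colon.
                parts = val.rsplit(':', 3) if isinstance(val, str) else []
                if len(parts) == 4 and parts[2].lower() == 'enabled':
                    findings.append('Firewall exception enabled: ' + parts[0])
    return findings


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE)
    for svc, (start, image) in service_summary(parsed).items():
        print(f'{svc}: start={start} image={image}')
    for finding in review(parsed):
        print(finding)
```

A real regedit /e export is UTF-16, so read it with open(path, encoding='utf-16') before passing the text to parse_reg.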
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=dword:00000000
"NoSetActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000002
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00000dcb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center]
"FirstRun"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc\Security]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,6c,00,6e,\
00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,54,00,43,00,50,00,\
49,00,50,00,00,00,4e,00,54,00,4c,00,4d,00,53,00,53,00,50,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TlntSvr\Security]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"DisplayName"="Remote Registry"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"ObjectName"="LocalSystem"
"Group"=""
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,65,00,67,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,4c,\
00,4c,00,53,00,52,00,50,00,43,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,\
72,00,00,00,00,00
"NullSessionShares"=hex(7):43,00,4f,00,4d,00,43,00,46,00,47,00,00,00,44,00,46,\
00,53,00,24,00,00,00,00,00
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:fb,34,80,a8,cb,1d,a6,4d,89,08,5c,fa,df,0f,8d,27
"AdjustedNullSessionPipes"=dword:00000001
"CachedOpenLimit"=dword:00000000
"srvcomment"="MAIN"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"OtherDomains"=hex(7):00,00

 
REG SEARCH LOG

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 9/2/2007 11:26:11 PM for strings:
; 'xpdx'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\xpdx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\xpdx]
; Contents of value:
; \??\C:\WINDOWS\system32\xpdx.sys
 
MOVE IT LOG

File/Folder C:\WINDOWS\system32\oimp.dll not found.
File/Folder C:\WINDOWS\system32\hgghfcb.dll not found.
File/Folder C:\WINDOWS\system32\winlbi32.dll not found.
File/Folder C:\WINDOWS\9129837.exe not found.
File/Folder C:\Program Files\Web Buying not found.
File/Folder C:\WINDOWS\retadpu1000106.exe not found.
File/Folder c:\jnkk.exe not found.
File/Folder C:\WINDOWS\ServicePackFiles\winlogon.exe not found.
File/Folder C:\WINDOWS\system32\pipmon.exe not found.
C:\WINDOWS\system32\iseltjy.dll unregistered successfully.
C:\WINDOWS\system32\iseltjy.dll moved successfully.
C:\VundoFix Backups moved successfully.
C:\WINDOWS\system32\adeeg.bak1 moved successfully.
C:\WINDOWS\tmp375203.bat moved successfully.
File/Folder C:\WINDOWS\system32\ezhfjf32.dll not found.
File/Folder C:\WINDOWS\system32\Setup155.exe not found.
C:\WINDOWS\TWlrZQ moved successfully.
C:\WINDOWS\system32\tmps7 moved successfully.
C:\WINDOWS\system32\ICM23 moved successfully.
C:\WINDOWS\system32\dllsz moved successfully.
C:\WINDOWS\system32\cofig1 moved successfully.
C:\WINDOWS\system32\f03WtR moved successfully.
C:\Temp\1cb moved successfully.
C:\Temp moved successfully.
C:\Documents and Settings\All Users\Application Data\Trymedia\licenses moved successfully.
C:\Documents and Settings\All Users\Application Data\Trymedia moved successfully.
C:\WINDOWS\g4356cbvy63.exe moved successfully.
C:\WINDOWS\uni_eh44.exe moved successfully.
C:\WINDOWS\uninst1014.exe moved successfully.
File move failed. C:\WINDOWS\system32\xpdx.sys scheduled to be moved on reboot.
File/Folder C:\Program Files\Norton AntiVirus not found.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
File/Folder C:\Program Files\Symantec not found.

Created on 09/02/2007 23:02:40
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:59 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 3.exe~
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144701120484
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: vHdaxqUCGS - {CCCC9172-6666-3BD8-53BE-3384AFFC4B8B} - C:\WINDOWS\system32\oimp.dll (file missing)
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 6853 bytes
 
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-02 23:34:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3037.SYS The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\Explorer.EXE[360] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[540] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[540] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[540] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[540] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\hphmon03.exe[616] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\hphmon03.exe[616] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\hphmon03.exe[616] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\hphmon03.exe[616] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\winlogon.exe[816] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\nvsvc32.exe[1008] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\nvsvc32.exe[1008] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\nvsvc32.exe[1008] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\nvsvc32.exe[1008] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1560] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1560] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1560] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1560] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF927E1
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF92835
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF92842
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF9282E
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1936] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1936] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1936] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1936] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2012] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2012] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2012] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2012] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Documents and Settings\Mike\Desktop\gmer\gmer.exe[2072] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Documents and Settings\Mike\Desktop\gmer\gmer.exe[2072] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2552] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\Program Files\Mozilla Firefox\firefox.exe[2552] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\Program Files\Mozilla Firefox\firefox.exe[2552] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\Program Files\Mozilla Firefox\firefox.exe[2552] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\System32\svchost.exe[2600] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\System32\svchost.exe[2600] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\System32\svchost.exe[2600] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\System32\svchost.exe[2600] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3116] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA27E1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3116] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA2835
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3116] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA2842
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3116] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA282E

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750BDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752171E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F750C3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F750C2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F750C482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F750C482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F750C3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F750C2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F750BF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7520C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750BE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74FEA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74FEB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74FEAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74FF6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74FF5A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7510F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7520C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7520C82] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7521864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F74FE020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F74FE020] sptd.sys

---- Devices - GMER 1.0.13 ----
 
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 873D4EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 873D4EB0

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7A029F2] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7A028B4] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7A02D04] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7A02306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA393F76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA392812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA392812] aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BB52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F6BB58E6] aswTdi.SYS

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 87387A40
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 87387A40
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BB52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F6BB58E6] aswTdi.SYS

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 87387C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 87387C78
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86D79418
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86EA7EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86EA7EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86D79418
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86D79418
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86E697A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86E697A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86E697A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86E697A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86E697A0
Device \Driver\00000100 \Device\0000004d IRP_MJ_POWER [F7509EA8] sptd.sys
Device \Driver\00000100 \Device\0000004d IRP_MJ_SYSTEM_CONTROL [F751DA70] sptd.sys
Device \Driver\00000100 \Device\0000004d IRP_MJ_PNP [F7516728] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CREATE 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CLOSE 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_INTERNAL_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_CLEANUP 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BBB868C-80C9-4DFC-B619-3D8E9E601850} IRP_MJ_PNP 86E697A0

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F6BB58E6] aswTdi.SYS
 
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BB52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F6BB58E6] aswTdi.SYS

Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CREATE 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CLOSE 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_INTERNAL_DEVICE_CONTROL 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_CLEANUP 86E697A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA5B8AC9-DE74-44B0-9FBE-7950B95D2704} IRP_MJ_PNP 86E697A0

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BB52C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F6BB58E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F6BB58E6] aswTdi.SYS

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 873D40E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 873D40E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86D7A710
 
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86D7A710
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86D7A710
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86D747E0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86D747E0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 87387C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 87387C78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 86E29AF0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 86E29AF0
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_CREATE 873874D0

---- EOF - GMER 1.0.13 ----
 
I did not mess with the registry before this happened.

A couple problems.

I cannot open up the add/remove dialog. It does nothing when I click on it.

Some of the files you said to delete did not exist (I did turn on the option to see hidden and system files).

I could not install SUPERAntiSpyware. When I try running the program it gives 2 failed to initialize dialogs. If I extract to folder using WinRAR and try running msiexec it comes up with "incorrect command line parameters".
 
Hi,

Some of the files you said to delete did not exist (I did turn on the option to see hidden and system files).

That's ok.

I could not install SUPERAntiSpyware. When I try running the program it gives 2 failed to initialize dialogs. If I extract to folder using WinRAR and try running msiexec it comes up with "incorrect command line parameters".

That's weird. I'll let you try an alternative.

We're getting there. After we get you cleaned up, we'll fix your other issues.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://free.grisoft.com/doc/5390/us/frt/0?prd=asf
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Antispyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not use it yet!

Download ATF Cleaner by Atribune

Do not use it yet.
_____

Open HijackThis > Open Misc tools > Open uninstall manager > Look for all the old Java entries there then highlight each one by one > At the right pane, there's an "Uninstall Command" box and there's some text in it > Copy and paste the contents of that box for each old Java version.

After you do that, click back > scan > Check these entries in bold:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: 3.exe~
O21 - SSODL: vHdaxqUCGS - {CCCC9172-6666-3BD8-53BE-3384AFFC4B8B} - C:\WINDOWS\system32\oimp.dll (file missing)
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_____

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load > This will bring up a Menu > Use your keyboard to scroll to Safe Mode > Hit enter.

*Click start > run > copy and paste these one at a time then press enter for each of them:

sc stop xpdx


Enter.

sc delete xpdx

Enter.
_____

*Using Windows Explorer, find and delete these files:

C:\WINDOWS\system32\dssdll32.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3.exe~

Empty your recycle bin.
_____

Important: Make sure all your browsers are closed before running ATF Cleaner..

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
  • Close AVG AntiSpyware.
  • Reboot to normal mode.
_____

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html



Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only
Once finished, click on the Details button to view the results.
To the upper right of the results you will see an option saying "Click here to export the scan results". Post the log of the scan results in your next reply.
______

On your next reply, please include:
  • A fresh HijackThis log.
  • The uninstall commands for Java
  • Bitdefender results.
  • AVG Antispyware log
  • A detailed description of how your machine is running.
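
The four HijackThis entries the post above asks to fix, parsed into their fields as an added example (not part of the original post and not HijackThis's own code): it shows that the files those entries reference are the same two files the post then deletes by hand. The field names, the regular expressions and the mapping of "Global Startup" to the All Users Startup folder are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The four entries from the post above, copied verbatim.
LOG = r"""O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: 3.exe~
O21 - SSODL: vHdaxqUCGS - {CCCC9172-6666-3BD8-53BE-3384AFFC4B8B} - C:\WINDOWS\system32\oimp.dll (file missing)
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINDOWS\system32\dssdll32.dll"""

# Assumption: "Global Startup" is the All Users Startup folder, the folder
# named in the post's manual delete step.
GLOBAL_STARTUP = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]+)\] (?P<target>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                      r" - (?P<target>.+?)(?P<missing> \(file missing\))?$")

@dataclass
class Entry:
    kind: str                      # "run_key", "global_startup" or "ssodl"
    name: str                      # value name, file name or SSODL label
    target: str                    # command line (run_key) or file path
    clsid: Optional[str] = None    # only set for SSODL entries
    file_missing: bool = False     # log line ended with "(file missing)"

def parse(log: str) -> List[Entry]:
    """Turn O4 / O21 log lines into Entry records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("run_key", m["name"], m["target"]))
        elif m := STARTUP_RE.match(line):
            path = GLOBAL_STARTUP + "\\" + m["name"]
            entries.append(Entry("global_startup", m["name"], path))
        elif m := SSODL_RE.match(line):
            entries.append(Entry("ssodl", m["name"], m["target"],
                                 m["clsid"], bool(m["missing"])))
    return entries

def referenced_files(entries: List[Entry]) -> List[str]:
    """On-disk files the entries point at; '(file missing)' entries are skipped."""
    return [e.target for e in entries
            if e.kind == "global_startup" or (e.kind == "ssodl" and not e.file_missing)]

if __name__ == "__main__":
    for entry in parse(LOG):
        print(entry)
    print(referenced_files(parse(LOG)))
```

The Run-key entry is a registry value with a command line rather than a single file path, so it is left out of `referenced_files`.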
 
Hi meatwad, I'll be leaving tomorrow and I'll be back on Saturday. I have asked another helper to help you through this. :bigthumb:
 