
Solved svchost.exe high cpu usage. [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by napster, 2007/09/02.

  1. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    [Resolved] svchost.exe high cpu usage. [HJT log]

    Hello, I am having the same problem as the dude that you helped. Here is the log file from HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:28:30, on 02/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\Datecs\Flex2K.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8454 bytes

    P.S. I am a designer and am having huge problems with this. I can't do my work for a week now, and I have re-installed Windows XP Home Ed. for the 6th time now. I read a lot on the net and in forums but can't fix the problem.
     
  2. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS napster :)

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     


  4. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    I tried, but when it gets to examining event logs it gives me an error. I closed all the programs and even tried it in safe mode, but it still gives me an error at the end.
    Please help, is there any other way?
     
  5. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    What is the exact error message?
     
  6. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    C:\DOCUME~1\NAPSTE~1.YOU\LOCALS~1\Temp\868e_appcompat.txt

    I think I am not doing it right. It says that I must close all programs and windows?
    I close all programs and then I run Deckard's ...
     
  7. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot, then try running dss again.
     
  8. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    FROM MAIN

    Deckard's System Scanner v20070826.66
    Run by Napster on 2007-09-02 22:45:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    9: 2007-09-02 16:45:42 UTC - RP9 - Deckard's System Scanner Restore Point
    8: 2007-09-02 16:25:39 UTC - RP8 - Installed Ad-Aware 2007
    7: 2007-09-02 10:09:45 UTC - RP7 - Installed Adobe Illustrator CS2
    6: 2007-09-02 09:51:22 UTC - RP6 - Installed Adobe Photoshop CS2
    5: 2007-09-02 09:46:45 UTC - RP5 - Installed Adobe InDesign CS2


    -- First Restore Point --
    1: 2007-09-01 15:37:47 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Napster.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:59, on 02/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\Datecs\Flex2K.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Desktop\dss(2).exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Napster.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8330 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20070902-203246-514 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/1000 PL Network Connection
    Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_30BB103C&REV_00\4&2803E7C1&0&00E2
    Manufacturer: Intel
    Name: Intel(R) PRO/1000 PL Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_30BB103C&REV_00\4&2803E7C1&0&00E2
    Service: e1express

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\AD5AD5009FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\AD5AD5009FC000
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-02 20:12:50 368 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-09-01 20:05:50 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Napster.job
    2007-08-31 20:28:13 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


    -- Files created between 2007-08-02 and 2007-09-02 -----------------------------

    2007-09-02 21:53:37 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-09-02 21:53:37 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-09-02 21:53:37 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-09-02 21:53:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-09-02 21:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-09-02 21:53:37 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-09-02 21:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2007-09-02 21:53:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-09-02 21:53:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-09-02 21:53:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-09-02 21:53:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-09-02 21:53:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-09-02 21:53:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-09-02 21:53:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-09-02 21:53:36 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-09-02 21:53:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-09-02 21:53:35 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-09-02 20:29:13 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-09-02 19:55:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-09-02 19:55:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-09-02 19:47:55 0 d-------- C:\Program Files\Trend Micro
    2007-09-02 19:40:03 0 d---s---- C:\Documents and Settings\Napster.YOUR-0548C161E1\UserData
    2007-09-02 13:09:48 16384 --a------ C:\WINDOWS\system32\FileOps.exe
    2007-09-02 13:09:47 0 d-------- C:\WINDOWS\system32\Adobe
    2007-09-02 12:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-02 12:49:29 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-02 07:27:32 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\AdobeUM
    2007-09-02 07:26:59 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Adobe
    2007-09-01 21:07:15 2829 --a------ C:\WINDOWS\War3Unin.pif
    2007-09-01 21:07:15 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
    2007-09-01 21:07:15 76506 --a------ C:\WINDOWS\War3Unin.dat
    2007-09-01 21:05:49 0 d-------- C:\Program Files\Warcraft III
    2007-09-01 20:23:47 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2007-09-01 20:23:47 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2007-09-01 20:17:02 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Media Player Classic
    2007-09-01 20:00:46 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-09-01 19:49:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
    2007-09-01 19:49:51 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
    2007-09-01 19:49:51 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
    2007-09-01 19:49:51 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
    2007-09-01 19:49:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2007-09-01 19:49:50 0 d-------- C:\Program Files\Common Files\Ahead
    2007-09-01 19:49:47 0 d-------- C:\Program Files\Ahead
    2007-09-01 19:48:53 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype
    2007-09-01 19:23:24 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-09-01 19:23:03 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla
    2007-09-01 19:22:07 28672 --a------ C:\WINDOWS\system32\newdll.dll
    2007-09-01 19:22:06 6416 --a------ C:\WINDOWS\system32\kbdinori.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-01 19:22:06 6416 --a------ C:\WINDOWS\system32\kbdinasa.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-01 19:22:06 6928 --a------ C:\WINDOWS\system32\kbdhebx.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-01 19:22:06 6416 --a------ C:\WINDOWS\system32\kbdbp.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-01 19:22:06 6416 --a------ C:\WINDOWS\system32\kbdbds.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-09-01 19:22:05 7440 --a------ C:\WINDOWS\system32\KBDDLL.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-09-01 19:22:05 8992 --a------ C:\WINDOWS\system32\kbdbphz.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-09-01 19:22:05 8992 --a------ C:\WINDOWS\system32\KBDBPH.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-09-01 18:58:26 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys <Not Verified; Symantec Corporation; Symantec Core Component>
    2007-09-01 18:57:51 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Symantec
    2007-09-01 18:43:06 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Bluetooth Software
    2007-09-01 18:39:00 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Macromedia
    2007-09-01 18:39:00 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Identities
    2007-09-01 18:38:59 0 d--h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\NetHood
    2007-09-01 18:38:59 0 dr------- C:\Documents and Settings\Napster.YOUR-0548C161E1\My Documents
    2007-09-01 18:38:59 0 d--h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings
    2007-09-01 18:38:59 0 dr------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Favorites
    2007-09-01 18:38:59 0 d-------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Desktop
    2007-09-01 18:38:59 0 d---s---- C:\Documents and Settings\Napster.YOUR-0548C161E1\Cookies
    2007-09-01 18:38:59 0 dr-h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data
    2007-09-01 18:38:58 0 d--h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\Templates
    2007-09-01 18:38:58 0 dr------- C:\Documents and Settings\Napster.YOUR-0548C161E1\Start Menu
    2007-09-01 18:38:58 0 dr-h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\SendTo
    2007-09-01 18:38:58 0 dr-h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\Recent
    2007-09-01 18:38:58 0 d--h----- C:\Documents and Settings\Napster.YOUR-0548C161E1\PrintHood
    2007-09-01 18:38:58 1572864 --ah----- C:\Documents and Settings\Napster.YOUR-0548C161E1\NTUSER.DAT
    2007-09-01 18:37:30 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2007-09-01 17:38:55 0 d-------- C:\Documents and Settings\Napster\Application Data\Uniblue
    2007-09-01 17:38:45 0 d-------- C:\Program Files\Uniblue
    2007-09-01 14:27:02 0 d-------- C:\Documents and Settings\Napster\Application Data\Ahead
    2007-08-31 21:17:04 0 d-------- C:\Program Files\AEDiction
    2007-08-31 20:30:04 0 d-------- C:\Documents and Settings\Napster\Application Data\AdobeUM
    2007-08-31 20:29:32 0 d-------- C:\Documents and Settings\Napster\Application Data\Adobe
    2007-08-31 15:21:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-08-31 15:21:41 0 d-------- C:\Program Files\QuickTime Alternative
    2007-08-30 20:46:14 0 d-------- C:\Program Files\BitComet
    2007-08-30 20:40:03 0 d-------- C:\Program Files\Winamp
    2007-08-30 20:39:06 0 d-------- C:\Documents and Settings\Napster\Application Data\Skype
    2007-08-30 20:38:57 0 d-------- C:\Program Files\Skype
    2007-08-30 20:38:56 0 d-------- C:\Program Files\Common Files\Skype
    2007-08-30 20:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-08-30 20:38:14 0 d-------- C:\WINDOWS\Datecs
    2007-08-30 20:38:01 3382 --a------ C:\WINDOWS\mozver.dat
    2007-08-30 20:35:56 0 --a------ C:\WINDOWS\nsreg.dat
    2007-08-30 20:35:53 0 d-------- C:\Documents and Settings\Napster\Application Data\Mozilla
    2007-08-30 20:32:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
    2007-08-30 20:26:06 0 d-------- C:\Program Files\Norton AntiVirus
    2007-08-30 20:25:52 0 d-------- C:\Documents and Settings\Napster\Application Data\Symantec
    2007-08-30 20:20:14 0 d-------- C:\Documents and Settings\Napster\Application Data\Media Player Classic
    2007-08-30 20:19:47 0 d-------- C:\Program Files\K-Lite Codec Pack
    2007-08-30 20:19:29 0 d-------- C:\Program Files\D-Tools
    2007-08-30 20:19:23 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-08-30 20:05:58 0 d-------- C:\Documents and Settings\Napster\Bluetooth Software
    2007-08-30 20:05:17 0 d-------- C:\Program Files\WIDCOMM
    2007-08-30 20:04:53 102400 --a------ C:\WINDOWS\HPWebcam.exe <Not Verified; ; HPWebcam>
    2007-08-30 20:04:52 53248 --a------ C:\WINDOWS\csnp2uvc.dll <Not Verified; ; InstallUtil>
    2007-08-30 20:02:41 0 d--h----- C:\Documents and Settings\Napster\Templates
    2007-08-30 20:02:41 0 dr------- C:\Documents and Settings\Napster\Start Menu
    2007-08-30 20:02:41 0 dr-h----- C:\Documents and Settings\Napster\SendTo
    2007-08-30 20:02:41 0 dr-h----- C:\Documents and Settings\Napster\Recent
    2007-08-30 20:02:41 0 d--h----- C:\Documents and Settings\Napster\PrintHood
    2007-08-30 20:02:41 0 d--h----- C:\Documents and Settings\Napster\NetHood
    2007-08-30 20:02:41 0 dr------- C:\Documents and Settings\Napster\My Documents
    2007-08-30 20:02:41 0 d--h----- C:\Documents and Settings\Napster\Local Settings
    2007-08-30 20:02:41 0 dr------- C:\Documents and Settings\Napster\Favorites
    2007-08-30 20:02:41 0 d-------- C:\Documents and Settings\Napster\Desktop
    2007-08-30 20:02:41 0 d---s---- C:\Documents and Settings\Napster\Cookies
    2007-08-30 20:02:41 0 dr-h----- C:\Documents and Settings\Napster\Application Data
    2007-08-30 20:02:41 0 d---s---- C:\Documents and Settings\Napster\Application Data\Microsoft
    2007-08-30 20:02:41 0 d-------- C:\Documents and Settings\Napster\Application Data\Macromedia
    2007-08-30 20:02:41 0 d-------- C:\Documents and Settings\Napster\Application Data\Identities
    2007-08-30 20:02:40 1835008 --ah----- C:\Documents and Settings\Napster\NTUSER.DAT
    2007-08-30 20:01:21 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
    2007-08-30 20:01:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
    2007-08-30 20:01:15 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
    2007-08-30 20:00:44 0 d-------- C:\WINDOWS\Prefetch
    2007-08-30 19:58:45 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2007-09-02 22:17:54 0 d-------- C:\Program Files\Common Files
    2007-09-02 13:09:47 0 d-------- C:\Program Files\Common Files\Adobe
    2007-09-02 04:13:51 0 d-------- C:\Program Files\Windows NT
    2007-09-02 04:13:49 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-09-02 04:12:58 0 d-------- C:\Program Files\Online Services
    2007-09-02 04:12:46 0 d-------- C:\Program Files\NetWaiting
    2007-09-02 04:12:42 0 d-------- C:\Program Files\Movie Maker
    2007-09-02 04:12:42 0 d-------- C:\Program Files\Microsoft Works
    2007-09-02 04:12:08 0 d-------- C:\Program Files\Messenger
    2007-09-02 04:10:57 0 d-------- C:\Program Files\CONEXANT
    2007-09-02 04:10:30 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-09-02 04:10:30 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-09-02 04:10:22 0 d-------- C:\Program Files\Common Files\LightScribe
    2007-09-01 23:09:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-01 18:59:05 0 d-------- C:\Program Files\Symantec
    2007-09-01 18:34:51 0 d-------- C:\Program Files\HPQ


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 08:58]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 07:03]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 08:58]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 08:58]
    "nwiz "= "nwiz.exe" [20/07/2006 08:58 C:\WINDOWS\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [02/06/2006 18:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 08:22]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [19/07/2006 15:14]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 11:33]
    "Cpqset "= "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 10:50]
    "RecGuard "= "C:\Windows\SMINST\RecGuard.exe" [11/10/2005 10:23]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [13/08/2004 19:17]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "DAEMON Tools-1033 "= "C:\Program Files\D-Tools\daemon.exe" [22/08/2004 17:05]
    "AAWTray "= "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [25/08/2007 21:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 13:33:22]
    FlexType 2K.lnk - C:\WINDOWS\Datecs\Flex2K.exe [30/08/2007 20:38:15]
    HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [30/08/2007 20:04:53]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 19:39:30]




    -- End of Deckard's System Scanner: finished at 2007-09-02 22:46:55 ------------
     
  9. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    FROM EXTRA


    Deckard's System Scanner v20070826.66
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    CPU 1: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    Percentage of Memory in Use: 31%
    Physical Memory (total/avail): 1021.98 MiB / 703.84 MiB
    Pagefile Memory (total/avail): 2458.05 MiB / 2205.97 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1962.38 MiB

    C: is Fixed (NTFS) - 103.45 GiB total, 77.82 GiB free.
    D: is Fixed (FAT32) - 7.32 GiB total, 1.35 GiB free.
    E: is CDROM (No Media)
    F: is Fixed (FAT32) - 465.65 GiB total, 111.68 GiB free.
    G: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST9120821AS - 111.79 GiB - 3 partitions
    \PARTITION0 (bootable) - Installable File System - 103.45 GiB - C:
    \PARTITION1 - Unknown - 7.34 GiB - D:
    \PARTITION2 - Unknown - 1027.56 MiB

    \\.\PHYSICALDRIVE1 - WD 5000AAKB Externa USB Device - 465.76 GiB - 1 partition
    \PARTITION0 - Unknown - 465.76 GiB - F:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Norton Internet Worm Protection v2005 (Symantec Corporation)
    AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=YOUR-0548C161E1
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Napster.YOUR-0548C161E1
    LOGONSERVER=\\YOUR-0548C161E1
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PCTYPE=PAVILION
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\NAPSTE~1.YOU\LOCALS~1\Temp
    TMP=C:\DOCUME~1\NAPSTE~1.YOU\LOCALS~1\Temp
    USERDOMAIN=YOUR-0548C161E1
    USERNAME=Napster
    USERPROFILE=C:\Documents and Settings\Napster.YOUR-0548C161E1
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Napster.YOUR-0548C161E1 (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
    Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    BitComet 0.67 --> C:\Program Files\BitComet\uninst.exe
    ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
    DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    FlexType 2K --> C:\WINDOWS\Datecs\SXUNINST.EXE
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u
    HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP User Guides 0036 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4180B60-0239-48DE-89EF-2CE4C3650A71}\Setup.exe" -l0x9 -removeonly
    HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    K-Lite Codec Pack 2.81 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    LiveUpdate 2.7 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
    Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    NewTek LightWave HDTV codec v0.00 --> RunDLL32.exe advpack.dll,LaunchINFSection NTCodec.inf, UnInstall
    Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe "


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type224 / Error
    Event Submitted/Written: 09/02/2007 10:44:38 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application skype.exe, version 3.5.0.229, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [skype.exe!ws!]

    Event Record #/Type210 / Error
    Event Submitted/Written: 09/02/2007 10:26:28 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application dss(2).exe, version 3.2.4.9, faulting module dss(2).exe, version 3.2.4.9, fault address 0x00019cf4.
    Processing media-specific event for [dss(2).exe!ws!]

    Event Record #/Type208 / Error
    Event Submitted/Written: 09/02/2007 10:21:28 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application dss(2).exe, version 3.2.4.9, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
    Processing media-specific event for [dss(2).exe!ws!]

    Event Record #/Type205 / Error
    Event Submitted/Written: 09/02/2007 10:07:05 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application dss(2).exe, version 3.2.4.9, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
    Processing media-specific event for [dss(2).exe!ws!]

    Event Record #/Type191 / Error
    Event Submitted/Written: 09/02/2007 09:57:55 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application dss(2).exe, version 3.2.4.9, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
    Processing media-specific event for [dss(2).exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type769 / Error
    Event Submitted/Written: 09/02/2007 10:42:35 PM
    Event ID/Source: 7024 / Service Control Manager
    Event Description:
    The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

    Event Record #/Type764 / Error
    Event Submitted/Written: 09/02/2007 10:42:35 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    %%1058

    Event Record #/Type756 / Error
    Event Submitted/Written: 09/02/2007 10:18:04 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%126

    Event Record #/Type753 / Error
    Event Submitted/Written: 09/02/2007 10:18:04 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%126

    Event Record #/Type750 / Error
    Event Submitted/Written: 09/02/2007 10:18:04 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Application Management service terminated with the following error:
    %%126



    -- End of Deckard's System Scanner: finished at 2007-09-02 22:46:55 ------------
     
  10. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download Process Explorer, unzip and open. Click View on the menu, point to Lower Pane View, then click DLLs. Locate the svchost process that has a high cpu usage. If need be, open Task Manager and look at the PID value then match it in Process Explorer. Once you've located it, select it, wait for the lower pane to populate, then click File>Save As and place it on your desktop. Post the contents of that log.

    If Task Manager doesn't show PID for the processes, click View>Select Columns and add it.
     
  11. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    It's crazy, its PID is 2816



    Process PID CPU Description Company Name
    System Idle Process 0 93.18
    Interrupts n/a 4.55 Hardware Interrupts
    DPCs n/a 0.76 Deferred Procedure Calls
    System 4
    smss.exe 628 Windows NT Session Manager Microsoft Corporation
    csrss.exe 692 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 720 Windows NT Logon Application Microsoft Corporation
    services.exe 784 0.76 Services and Controller app Microsoft Corporation
    svchost.exe 944 Generic Host Process for Win32 Services Microsoft Corporation
    wmiprvse.exe 2340 WMI Microsoft Corporation
    BTSTAC~1.EXE 1784 Bluetooth Stack COM Server Broadcom Corporation.
    msmsgs.exe 2096 Windows Messenger Microsoft Corporation
    svchost.exe 1040 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
    wscntfy.exe 864 Windows Security Center Notification App Microsoft Corporation
    svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1236 Generic Host Process for Win32 Services Microsoft Corporation
    ccSetMgr.exe 1428 Symantec Settings Manager Service Symantec Corporation
    SNDSrvc.exe 1580 Network Driver Service Symantec Corporation
    SPBBCSvc.exe 1732 SPBBC Service Symantec Corporation
    ccEvtMgr.exe 440 Symantec Event Manager Service Symantec Corporation
    spoolsv.exe 1032 Spooler SubSystem App Microsoft Corporation
    btwdins.exe 1548 Bluetooth Support Server Broadcom Corporation.
    LSSrvc.exe 1588 Hewlett-Packard Company
    NPFMntor.exe 1692 Norton AntiVirus Firewall Install Monitor Symantec Corporation
    nvsvc32.exe 1700 NVIDIA Driver Helper Service, Version 86.02 NVIDIA Corporation
    svchost.exe 1768 Generic Host Process for Win32 Services Microsoft Corporation
    symlcsvc.exe 1836 Symantec Core Component Symantec Corporation
    wdfmgr.exe 1964 Windows User Mode Driver Manager Microsoft Corporation
    hpqwmiex.exe 208 hpqwmiex Module Hewlett-Packard Development Company, L.P.
    alg.exe 1368 Application Layer Gateway Service Microsoft Corporation
    svchost.exe 2816 Generic Host Process for Win32 Services Microsoft Corporation
    lsass.exe 796 LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 460 Windows Explorer Microsoft Corporation
    HP Wireless Assistant.exe 2216 HP Wireless Assistant Module Hewlett-Packard Development Company, L.P.
    jusched.exe 2276 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    SynTPEnh.exe 2464 Synaptics TouchPad Enhancements Synaptics, Inc.
    QPService.exe 2604 HP QuickPlay Resident Program CyberLink Corp.
    hpwuSchd2.exe 2612 Hewlett-Packard Product Assistant Hewlett-Packard Co.
    QLBCTRL.exe 2636 QLB Controller Hewlett-Packard Development Company, L.P.
    ccApp.exe 2684 Symantec User Session Symantec Corporation
    BTTray.exe 3832 Bluetooth Tray Application Broadcom Corporation.
    Flex2K.exe 3840
    firefox.exe 2120 Firefox Mozilla Corporation
    winamp.exe 2752 Winamp Nullsoft
    procexp.exe 4028 0.76 Sysinternals Process Explorer Sysinternals
    Skype.exe 4032 Skype. Take a deep breath Skype Technologies S.A.
    hpqimzone.exe 2456 HP Photosmart Premier Hewlett-Packard Development Company, L.P.
    skypePM.exe 3328 Skype Extras Manager Skype Technologies

    Process: svchost.exe Pid: 2816

    Name Description Company Name Version
    AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
    advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
    comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
    comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
    crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
    ctype.nls
    gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
    httpapi.dll HTTP Protocol Stack API Microsoft Corporation 5.01.2600.2180
    kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180
    locale.nls
    msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
    msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
    msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
    ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
    ntmarta.dll Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
    ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2665
    oleaut32.dll Microsoft Corporation 5.01.2600.2180
    rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
    samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
    secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
    shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2180
    shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
    shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2823
    sortkey.nls
    sorttbls.nls
    strmfilt.dll Stream Filter Library Microsoft Corporation 6.00.2600.2180
    svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.01.2600.2180
    unicode.nls
    user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2180
    userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
    uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
    version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
    w3ssl.dll SSL service for HTTP Microsoft Corporation 6.00.2600.2180
    winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
    wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
    ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
    ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
    xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
     
  12. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm just not seeing anything unusual in these logs. :(

    Download GMER

    Unzip it to the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.
     
  13. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-09-02 23:54:59
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT d347bus.sys ZwClose
    SSDT 8654F740 ZwConnectPort
    SSDT d347bus.sys ZwCreateKey
    SSDT d347bus.sys ZwCreatePagingFile
    SSDT d347bus.sys ZwEnumerateKey
    SSDT d347bus.sys ZwEnumerateValueKey
    SSDT d347bus.sys ZwOpenKey
    SSDT 85CA1A28 ZwOpenProcess
    SSDT 8654ACB0 ZwOpenThread
    SSDT d347bus.sys ZwQueryKey
    SSDT d347bus.sys ZwQueryValueKey
    SSDT d347bus.sys ZwSetSystemPowerState

    ---- Kernel code sections - GMER 1.0.13 ----

    ? C:\WINDOWS\system32\Drivers\PROCEXP100.SYS The system cannot find the file specified.

    ---- Devices - GMER 1.0.13 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8673D7B0

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F455C460] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F455C770] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F455C6D0] SYMEVENT.SYS

    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85CAA2A8

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F6BF8A30] SynTP.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7B86A4A] eabfiltr.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7B86A4A] eabfiltr.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7B86C82] eabfiltr.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7B86CE8] eabfiltr.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7B86660] eabfiltr.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7B8678E] eabfiltr.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F45B6900] SYMTDI.SYS
     
  14. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86592008
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86592008
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85C74D80
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86592008
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86592008
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 86617808
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 86617808
    Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8589BAB8
     
  15. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F45B6900] SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F45B6900] SYMTDI.SYS

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 866566F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 866566F8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 85C70A38
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85CA9208
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8672B0D8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8672B0D8
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85CAA2A8

    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F455C460] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F455C770] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F455C6D0] SYMEVENT.SYS
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F455C6D0] SYMEVENT.SYS

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 864F81C8
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 864F81C8
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 864F81C8
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 864F81C8
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 864F81C8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85A12B88

    ---- Modules - GMER 1.0.13 ----

    Module _________ F73B3000-F73CB000 (98304 bytes)

    ---- EOF - GMER 1.0.13 ----
     
  16. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm.... still nothing unusual. Let's do a scan.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that log in your next post.
     
  17. 2007/09/02
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, September 03, 2007 2:10:18 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 3/09/2007
    Kaspersky Anti-Virus database records: 402634
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 49648
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:53:43

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\history.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\key3.db Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\call256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chat512.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chatsync\6c\6c455b26a9418e89.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\chatsync\cd\cd1aeed21a9aa4e5.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\index2.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\profile16384.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\transfer256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\transfer512.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\user1024.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\user16384.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\user256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\user32768.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\user4096.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Application Data\Skype\encore.be_napster\voicemail256.dbb Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Application Data\Mozilla\Firefox\Profiles\zsu2eq0n.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Temp\~DF2667.tmp Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Napster.YOUR-0548C161E1\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP9\A0003451.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP9\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped

    Scan process completed.
     
  18. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I see no reason for the high cpu usage. The one infected file is in a system restore point, and it's only a mywebsearch component ....... no biggie.

    Check the device manager for errors.

    Shut down the computer and open the case, then use compressed air to clean the vents, fans and cpu heat sink (take care to not allow the fans to spin under air blast) and the power supply (use a toothpick or something to reach in and keep the fan from spinning).

    Did the symptoms begin after anything in particular, like a software install, windows update, etc?
     
  19. 2007/09/03
    napster

    napster Inactive Thread Starter

    Joined:
    2007/09/02
    Messages:
    17
    Likes Received:
    0
    It's a brand new laptop. I tried Vista too, the same thing...
    When I re-install win everything is going well, but after 1-2 days it does this on me and the startup is very slow. This laptop is really fast, but when this happens I can't do my work, I can't do nothing. :( :( :(
     
  20. 2007/09/03
    Hill

    Hill Inactive

    Joined:
    2002/03/16
    Messages:
    130
    Likes Received:
    0
    If you have already tried this, then just disregard.

    I had the same problem on my wife's account. CPU running at 100%.
    Tried everything. What finally worked was creating a new user account.
    After a few days everything was still fine, so I just moved all my docs over and was good to go. Delete the old account.

    Hope it works for you.

    H
     
  21. 2007/09/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open Add/Remove programs and check the box at the top to show windows updates. See if KB936357 is listed and remove it if it is, then reboot.
     
