
Hjt Log

Discussion in 'Malware and Virus Removal Archive' started by NELLEBL, 2006/09/20.

  1. 2006/09/20
    NELLEBL

    NELLEBL Inactive Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 9:33:39 AM, on 9/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\SYSTEM32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Batty2\Batty2.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     
  2. 2006/09/20
    sultan_emerr

    sultan_emerr Banned

    I think this thread belongs in the "Removing Spyware & Viruses" section of this forum. (That's a really short log. Are you sure you followed all the directions, and posted the entire log?)
     

  4. 2006/09/20
    TeMerc

    TeMerc Inactive Alumni

    Hi NELLEBL, welcome to the forums.

    As sultan pointed out, your log is incomplete. Can you please run it again and post the entire thing, with all entries from R0 lines, F lines, 02, 03, 04, 08, 09 and so forth?
     
  5. 2006/09/20
    NELLEBL

    NELLEBL Inactive Thread Starter

    THIS IS IT


    Logfile of HijackThis v1.99.1
    Scan saved at 11:20:26 AM, on 9/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\SYSTEM32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\{1809EAB8-07C9-1033-1002-020816020001}\Update.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
     
  6. 2006/09/20
    TeMerc

    TeMerc Inactive Alumni

    You must have things set to ignore; it's almost impossible to have just one 04 entry. These relate to things that start up with your computer.

    Did you maybe run HJT in safe mode? If so, re-do it in normal mode please.
     
  7. 2006/09/20
    NELLEBL

    NELLEBL Inactive Thread Starter

    RESTORED ALREADY DELETED FILE

    Logfile of HijackThis v1.99.1
    Scan saved at 11:42:55 AM, on 9/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\SYSTEM32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\{1809EAB8-07C9-1033-1002-020816020001}\Update.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe,
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,nrxpkdv.exe
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ Microsoft Service Host Process] C:\WINDOWS\Help\svchost.exe
    O4 - HKLM\..\Run: [urj59dfa] RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "
    O4 - HKLM\..\Run: [win3208640330309] C:\windows\win3208640330309.exe
    O4 - HKLM\..\Run: [sachost] C:\windows\sachostx.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [sys01033030964] C:\windows\sys01033030964.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\windows\Duce6.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [jrj59def] RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [jejqdrici] xcpvtp.exe autorun
    O4 - HKCU\..\Run: [ofiu] C:\Program Files\Common Files\ofiu\ofium.exe
    O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
    O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe "
    O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe "
    O4 - HKCU\..\Run: [ibkab] C:\windows\system32\mmahax.exe reg_run
    O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\windows\system32\crunner\cproc.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe "
    O4 - HKCU\..\Run: [ttool] C:\windows\9129837.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: STI Simulator - Unknown owner - C:\windows\System32\PAStiSvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  8. 2006/09/20
    NELLEBL

    NELLEBL Inactive Thread Starter

    Pdate.exe Using 100% Of Cpu
     
  9. 2006/09/20
    NELLEBL

    NELLEBL Inactive Thread Starter

    Sorry
    Update.exe
     
  10. 2006/09/20
    TeMerc

    TeMerc Inactive Alumni

    Please refrain from deleting things when you have no idea what needs deleting; several of the items are indeed legit.

    But you certainly do have a mess going on, no doubt.

    Let's run one tool which will find a lot of these items and see what we have left. Please do not do any extra steps, only what I provide in the instructions. If you are unclear on how to proceed, STOP and ask me for clarification.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Once that log is generated then also run HJT in normal mode and give me that new log file.
     
  11. 2006/09/21
    NELLEBL

    NELLEBL Inactive Thread Starter

    I Am Back (was At Work)
    Only Way For Me To Reply To This Is From Safe Mode With Networking.
    Also I Try To Download Combofix.com And Nothing.
    From Normal Mode My Ie Freeze
     
  12. 2006/09/21
    TeMerc

    TeMerc Inactive Alumni

    If you made the log in normal mode why can't you get to the Net? What happens when you try to connect? IE freezes? Try to disable as many processes as you can and try again.

    This one should be able to be stopped:
    C:\Program Files\Common Files\{1809EAB8-07C9-1033-1002-020816020001}\Update.exe

    The ComboFix link works fine here. If need be, DL it to a floppy at work and then insert it into the box. Or, got any friendly neighbors whose PC you can use for a few minutes?
     
  13. 2006/09/21
    NELLEBL

    NELLEBL Inactive Thread Starter

    combofix.txt

    NEDZAD - 06-09-21 13:04:13.78 Service Pack 2
    ComboFix 06.09.21 - Running from: "C:\Documents and Settings\NEDZAD\Desktop\New Folder (2) "

    ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


    * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


    06-09-19 11:15 337 kigoq.dll.qoo
    06-09-13 00:33 53 pcnncn.dat.qoo

    DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\windows\cfg32.exe
    C:\windows\Duce6.exe
    C:\Documents and Settings\NEDZAD\Application Data\Install.dat
    C:\windows\system32\bszip.dll
    C:\windows\system32\cmd.com
    C:\windows\system32\netstat.com
    C:\windows\system32\ping.com
    C:\windows\system32\regedit.com
    C:\windows\system32\taskkill.com
    C:\windows\system32\tasklist.com
    C:\windows\system32\tracert.com
    C:\windows\offun.exe
    C:\windows\uni_ehhhh.exe
    C:\windows\system32\atmtd.dll
    C:\windows\system32\atmtd.dll._
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\Common Files\misc002
    C:\Program Files\Inetget2
    C:\Program Files\network monitor
    C:\Program Files\outlook
    C:\windows\system32\WinNB58.dll
    C:\Program Files\batty2
    C:\windows\system32\crunner
    C:\Program Files\Common Files\{1809EAB8-07C9-1033-1002-020816020001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1
    C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\nslookup.exe
    C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\?icrosoft
    C:\QooBox\Purity\Program Files\SMANTE~1
    C:\QooBox\Purity\Program Files\SMANTE~1\?poolsv.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))


    2006-09-21 01:24 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
    2006-09-21 01:23 6,868 --a------ C:\WINDOWS\system32\taskdir~.exe
    2006-09-21 01:23 54,484 --a------ C:\WINDOWS\system32\image.gif.exe
    2006-09-21 01:21 163,840 --a------ C:\WINDOWS\win3208640330309.exe
    2006-09-21 00:44 106,496 --a------ C:\WINDOWS\Duce6.exe
    2006-09-21 00:36 163,840 --a------ C:\WINDOWS\win3209403303096.exe
    2006-09-16 21:36 163,840 --a------ C:\WINDOWS\sys033030964032006.exe
    2006-09-14 00:58 1,024 --a--c--- C:\yfxaek.exe
    2006-09-14 00:39 126,976 --ah----- C:\WINDOWS\system32\tbhogt.dll
    2006-09-13 00:46 76,288 --a--c--- C:\owodkr.exe
    2006-09-13 00:46 5,120 --a--c--- C:\qdgkp.exe
    2006-09-13 00:46 23,012 --a------ C:\WINDOWS\system32\eleekdbg.exe
    2006-09-13 00:46 1,393 --a--c--- C:\hqajybyw.exe
    2006-09-13 00:42 23,012 --a------ C:\WINDOWS\system32\floogpac.exe
    2006-09-13 00:36 5,298 --a------ C:\WINDOWS\system32\sachostc.exe
    2006-09-13 00:36 4,786 --a------ C:\WINDOWS\system32\sachosts.exe
    2006-09-13 00:35 9,906 --a------ C:\WINDOWS\system32\sachostp.exe
    2006-09-13 00:35 26,152 --a------ C:\WINDOWS\sachostx.exe
    2006-09-13 00:35 16,404 --a--c--- C:\tvlc.exe
    2006-09-13 00:34 3,749 --a------ C:\WINDOWS\sysldr32.exe
    2006-09-13 00:34 23,012 --a------ C:\WINDOWS\system32\goiablae.exe
    2006-09-13 00:34 23,012 --a------ C:\WINDOWS\system32\apdiigah.exe
    2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\urj59dfa.sys
    2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\jrj59def.sys
    2006-09-13 00:33 23,012 --a------ C:\WINDOWS\system32\ahobddcc.exe
    2006-09-13 00:33 186,219 --a------ C:\WINDOWS\srviqkckwn.exe
    2006-09-13 00:33 16,404 --a------ C:\WINDOWS\9129837.exe
    2006-09-13 00:33 1,393 --a--c--- C:\msuadyp.exe
    2006-09-13 00:33 1,232 --a------ C:\WINDOWS\system32\TheMatrixHasYou.exe
    2006-09-13 00:31 76,288 --a--c--- C:\vowvv.exe
    2006-08-29 02:36 53,248 --------- C:\WINDOWS\system32\RemFarStone.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. A rootkit scan is required

    2006-09-21 13:08 -------- d-------- C:\Program Files\Common Files
    2006-09-21 10:50 -------- d-------- C:\Program Files\hijackthis
    2006-09-21 02:20 93633 --ahs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    2006-09-21 00:44 -------- d--h----- C:\Program Files\Common Files\cloader
    2006-09-21 00:36 -------- d-------- C:\Program Files\PSDream
    2006-09-21 00:36 -------- d-------- C:\Program Files\PSCloner
    2006-09-20 08:34 -------- d-------- C:\Program Files\Common Files\ofiu
    2006-09-20 02:11 -------- d-------- C:\Program Files\DC++
    2006-09-20 01:50 -------- d-------- C:\Program Files\RegistrySmart
    2006-09-20 01:35 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2006-09-19 10:52 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
    2006-09-16 21:39 -------- d-------- C:\Program Files\Yahoo!
    2006-09-16 12:11 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Roxio
    2006-09-11 10:23 -------- d-------- C:\Program Files\Registry Mechanic
    2006-09-05 09:02 -------- d-------- C:\Program Files\Symantec
    2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-05 08:50 -------- d-------- C:\Program Files\Winamp
    2006-09-04 20:13 -------- d-------- C:\Program Files\tgtsoft
    2006-09-04 19:56 -------- d-------- C:\Program Files\GameHouse
    2006-09-03 00:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-29 03:02 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Skype
    2006-08-29 02:42 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\FarStone
    2006-08-29 02:20 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-08-29 01:05 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-08-29 01:05 -------- d-------- C:\Program Files\DAEMON Tools
    2006-08-29 01:02 96256 --a------ C:\WINDOWS\system32\drivers\sptd7245.sys
    2006-08-29 01:02 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-08-27 02:54 -------- d-------- C:\Program Files\Elaborate Bytes
    2006-08-27 02:31 -------- d-------- C:\Program Files\CloneDVD
    2006-08-25 03:25 -------- d-------- C:\Program Files\Activision
    2006-08-25 02:57 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-25 02:40 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
    2006-08-25 02:40 -------- d-------- C:\Program Files\AutoCAD 2006
    2006-08-25 02:39 -------- d-------- C:\Program Files\Common Files\Designer
    2006-08-25 02:39 -------- d-------- C:\Program Files\AnswerWorks 4.0
    2006-08-25 02:37 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Autodesk
    2006-08-25 02:27 -------- d-------- C:\Program Files\Autodesk
    2006-08-25 02:12 -------- d-------- C:\Program Files\Smart Projects
    2006-08-16 16:08 153600 ---hs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    2006-08-16 03:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-16 01:55 674636 --a------ C:\WINDOWS\Zabranjeno Pusenje Screensaver.scr
    2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
    2006-07-31 17:16 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-07-28 00:24 -------- d-------- C:\Program Files\PopCap Games
    2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-27 01:14 -------- d-------- C:\Program Files\Trymedia
    2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shellapi32 "= "svcnet.exe "
    "cprocsvc "= "C:\\windows\\system32\\crunner\\cproc.exe "
    "PSDream "= "\ "C:\\Program Files\\PSDream\\PSDream.exe\" "
    "taskdir "= "C:\\windows\\system32\\taskdir.exe "
    "Apou "= "\ "C:\\DOCUME~1\\NEDZAD\\APPLIC~1\\ICROSO~1\\nslookup.exe\" -vt yazb "
    "Awuucb "= "C:\\Program Files\\S?mantec\\?poolsv.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup "
    " Microsoft Service Host Process "= "C:\\WINDOWS\\Help\\svchost.exe "
    "urj59dfa "= "RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532 "
    "Lexmark X74-X75 "= "\ "C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\" "
    "BJCFD "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
    "SystemLoader "= "C:\\windows\\sysldr32.exe "
    "IPInSightMonitor 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\" "
    "CaAvTray "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\" "
    "sachost "= "C:\\windows\\sachostx.exe "
    "IPInSightLAN 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l "
    "BootSkin Startup Jobs "= "\ "C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs "
    "WinampAgent "= "C:\\Program Files\\Winamp\\winampa.exe "
    "UpdReg "= "C:\\WINDOWS\\UpdReg.EXE "
    "BCMSMMSG "= "BCMSMMSG.exe "
    "YBrowser "= "C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe "
    "CAVRID "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\" "
    "CloneCDElbyCDFL "= "\ "C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL "
    "Microsoft Works Update Detection "= "C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe "
    "Motive SmartBridge "= "C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe "
    "nwiz "= "nwiz.exe /install "
    "jrj59def "= "RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62 "
    "YOP "= "C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart "
    "jejqdrici "= "xcpvtp.exe autorun "
    "win3209403303096 "= "C:\\windows\\win3209403303096.exe "
    "win3208640330309 "= "C:\\windows\\win3208640330309.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000002

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "C:\\windows\\warnhp.html "
    "SubscribedURL "=" "
    "FriendlyName "= "Desktop Uninstall "
    "Flags "=dword:00002002
    "Position "=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:02,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,02,00,00,00
    "RestoredStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "Wallpaper "=" "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "NoActiveDesktop "=dword:00000000
    "ClassicShell "=dword:00000000
    "ForceActiveDesktopOn "=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    @=" "
    "NoDriveTypeAutoRun "=dword:00000000
    "NoDriveAutoRun "=dword:00001f00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "CDRAutoRun "=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe"
    "item"="Microsoft Works Calendar Reminders"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinMXDownloadWinMX3.exe]
    "location"="Common Startup"
    "item"="WinMXDownloadWinMX3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DirectCD"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CursorXP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CursorXP"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\diagent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="diagent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Portfolio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WksSb"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RealPlay"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioAudioCentral]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RxMon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DrgToDsc"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioEngineUtility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EngUtil"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WorksFUD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wkfud"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ypager"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\windows\tasks\Symantec NetDetect.job

    Completion time: Thu 09/21/2006 13:11:14.73
    ComboFix.txt
     
  14. 2006/09/21
    NELLEBL

    hijackthis.txt

    Logfile of HijackThis v1.99.1
    Scan saved at 1:13:38 PM, on 9/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\SYSTEM32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\windows\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\System32\PAStiSvc.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\YPCSER~1.EXE
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\windows\sysldr32.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\windows\BCMSMMSG.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\windows\win3209403303096.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\windows\win3208640330309.exe
    C:\Program Files\PSDream\PSDream.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ Microsoft Service Host Process] C:\WINDOWS\Help\svchost.exe
    O4 - HKLM\..\Run: [urj59dfa] RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [sachost] C:\windows\sachostx.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [jrj59def] RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [jejqdrici] xcpvtp.exe autorun
    O4 - HKLM\..\Run: [win3209403303096] C:\windows\win3209403303096.exe
    O4 - HKLM\..\Run: [win3208640330309] C:\windows\win3208640330309.exe
    O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\windows\system32\crunner\cproc.exe
    O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
    O4 - HKCU\..\Run: [taskdir] C:\windows\system32\taskdir.exe
    O4 - HKCU\..\Run: [Apou] "C:\DOCUME~1\NEDZAD\APPLIC~1\ICROSO~1\nslookup.exe" -vt yazb
    O4 - HKCU\..\Run: [Awuucb] C:\Program Files\S?mantec\?poolsv.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: STI Simulator - Unknown owner - C:\windows\System32\PAStiSvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  15. 2006/09/21
    NELLEBL

    HI TEMERC

    Run combofix and hijackthis from normal mode.
    At this moment I am in safe mode; my IE freezes in normal mode.
     
  16. 2006/09/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, with a rootkit present we must address that first and foremost.

    Download GMER from here
    • Right-click the zip and select "Extract All"
    • Double-click gmer.exe to launch the program.
    • Click on the Rootkit Tab and on the right side, untick the Registry box, then click Scan.
    Once the scan is done, hit the copy button, then open notepad and paste the results here for me to see.
     
  17. 2006/09/21
    NELLEBL

    Hi TEMERC

    DL GMER file on floppy. Since I am at work, I have to wait till tonight to
    do the scan and send it to you.
    Thanks NELLEBL :)
     
  18. 2006/09/22
    NELLEBL

    GMER 1.0.11.11349 - http://www.gmer.net
    Rootkit 2006-09-22 02:48:23
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.11 ----

    SSDT sptd.sys ZwCreateKey
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey

    SYSENTER ? F82C2F5F

    ---- Devices - GMER 1.0.11 ----

     
  19. 2006/09/22
    NELLEBL

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLOSE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_READ 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_WRITE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_INFORMATION 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_INFORMATION 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_EA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_EA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FLUSH_BUFFERS 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DIRECTORY_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 8323A4A0
     
  20. 2006/09/22
    NELLEBL

    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLEANUP 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_MAILSLOT 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_SECURITY 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_SECURITY 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_POWER 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SYSTEM_CONTROL 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CHANGE 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_QUOTA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_QUOTA 8323A4A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP 8323A4A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8323A398
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8323A398
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8323A398
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8309A0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8309A0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8309A0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CREATE 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CLOSE 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_INTERNAL_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CLEANUP 8309A0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_PNP 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8309A0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP
     
  21. 2006/09/22
    NELLEBL

    Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 82F3B33C
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 8339CA40
    Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 8339CA40
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8309EA64
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8309EA64
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 8309E0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 8309E0E8
     
