Hjt Log

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 831F2824
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 83236D98
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 83236D98
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8339D550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8339D550
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 830B9694
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 831F22A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 831F22A8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE_NAMED_PIPE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CLOSE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_READ 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_WRITE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_EA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_EA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_FLUSH_BUFFERS 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_VOLUME_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_VOLUME_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DIRECTORY_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_FILE_SYSTEM_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DEVICE_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SHUTDOWN 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_LOCK_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CLEANUP 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE_MAILSLOT 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_SECURITY 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_SECURITY 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_POWER 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SYSTEM_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DEVICE_CHANGE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_QUOTA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_QUOTA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_PNP 83179750
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_READ 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_READ 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_WRITE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_EA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 82E09F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 82E09F00

 

Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CLOSE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_READ 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_WRITE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_EA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_EA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SHUTDOWN 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CLEANUP 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_SECURITY 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_POWER 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_QUOTA 83179750
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_PNP 83179750
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_NAMED_PIPE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_READ 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_WRITE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_EA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_EA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FLUSH_BUFFERS 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_VOLUME_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DIRECTORY_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SHUTDOWN 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_LOCK_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLEANUP 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_MAILSLOT 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_SECURITY 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_SECURITY 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CHANGE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_QUOTA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_QUOTA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_READ 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 83217950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 83217950
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82FD701C
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 8308D9D0
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 8308D9D0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 830BA13C
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 830BA13C
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 830BA13C
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 830BA13C
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 830BA13C
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82F9439C
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82F88768
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82F88768

---- Modules - GMER 1.0.11 ----

Module _________ F8613000

---- Services - GMER 1.0.11 ----

Service C:\windows\system32\lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Files - GMER 1.0.11 ----

ADS ...
File C:\WINDOWS\system32\lzx32.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.11 ----

 

Well well, busy busy I see.

We need to rid the rk first with GMER and HJT.

Open GMER

• Select the Services tab
• Find the service called pe386
• Right-click it and select Delete
• Close GMER and Reboot

Open HJT.

• Click the config button
• Then click on the Misc Tools button
• Then click the Open ADS Spy button
• Then untick the 'Quick scan'(Windows base folder only) box
• Then click the Scan button
• When it finds the file, select it and hit the Remove Selected button
• Close HJT

Reboot and run ComboFix first, then HJT and finally GMER then post all logs back into this thread.

We will have more to clean up no doubt.

 

Logfile of HijackThis v1.99.1
Scan saved at 12:56:16 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\windows\Explorer.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\PAStiSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\BCMSMMSG.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\windows\win3208640330309.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\windows\sys02330309640.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\PSDream\PSDream.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\windows\system32\taskmgr.exe
C:\windows\Duce6.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [urj59dfa] RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [jrj59def] RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [jejqdrici] xcpvtp.exe autorun
O4 - HKLM\..\Run: [win3208640330309] C:\windows\win3208640330309.exe
O4 - HKLM\..\Run: [sys02330309640] C:\windows\sys02330309640.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TheMonitor] C:\windows\Duce6.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [cprocsvc] C:\windows\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe "
O4 - HKCU\..\Run: [taskdir] C:\windows\system32\taskdir.exe
O4 - HKCU\..\Run: [Apou] "C:\DOCUME~1\NEDZAD\APPLIC~1\ICROSO~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Awuucb] C:\Program Files\S?mantec\?poolsv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\windows\System32\PAStiSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

 

NEDZAD - 06-09-23 0:53:08.45 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\NEDZAD\Desktop\New Folder (2) "

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\Duce6.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\nslookup.exe
C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\?icrosoft
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SMANTE~1\?poolsv.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-22 13:25 163,840 --a------ C:\WINDOWS\sys02330309640.exe
2006-09-21 01:24 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-09-21 01:23 54,484 --a------ C:\WINDOWS\system32\image.gif.exe
2006-09-21 01:21 163,840 --a------ C:\WINDOWS\win3208640330309.exe
2006-09-16 21:36 163,840 --a------ C:\WINDOWS\sys033030964032006.exe
2006-09-14 00:58 69,616 --a------ C:\WINDOWS\system32\lzx32.sys
2006-09-14 00:39 126,976 --ah----- C:\WINDOWS\system32\tbhogt.dll
2006-09-13 00:46 76,288 --a--c--- C:\owodkr.exe
2006-09-13 00:46 23,012 --a------ C:\WINDOWS\system32\eleekdbg.exe
2006-09-13 00:42 23,012 --a------ C:\WINDOWS\system32\floogpac.exe
2006-09-13 00:36 4,786 --a------ C:\WINDOWS\system32\sachosts.exe
2006-09-13 00:35 9,906 --a------ C:\WINDOWS\system32\sachostp.exe
2006-09-13 00:35 16,404 --a--c--- C:\tvlc.exe
2006-09-13 00:34 3,749 --a------ C:\WINDOWS\sysldr32.exe
2006-09-13 00:34 23,012 --a------ C:\WINDOWS\system32\goiablae.exe
2006-09-13 00:34 23,012 --a------ C:\WINDOWS\system32\apdiigah.exe
2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\urj59dfa.sys
2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\jrj59def.sys
2006-09-13 00:33 23,012 --a------ C:\WINDOWS\system32\ahobddcc.exe
2006-09-13 00:33 186,219 --a------ C:\WINDOWS\srviqkckwn.exe
2006-09-13 00:33 16,404 --a------ C:\WINDOWS\9129837.exe
2006-09-13 00:33 1,232 --a------ C:\WINDOWS\system32\TheMatrixHasYou.exe
2006-09-13 00:31 76,288 --a--c--- C:\vowvv.exe
2006-08-29 02:36 53,248 --------- C:\WINDOWS\system32\RemFarStone.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 00:54 106496 --a------ C:\WINDOWS\Duce6.exe
2006-09-23 00:42 -------- d-------- C:\Program Files\hijackthis
2006-09-22 14:15 -------- d-------- C:\Program Files\Common Files\ofiu
2006-09-22 13:36 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-22 13:36 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-22 13:36 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-22 13:36 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-22 13:36 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-22 13:36 -------- d---sc--- C:\Documents and Settings\NEDZAD\Application Data\Microsoft
2006-09-22 13:36 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\AVG7
2006-09-22 13:36 -------- d-------- C:\Program Files\Grisoft
2006-09-22 02:02 -------- d-------- C:\Program Files\Yahoo!
2006-09-21 13:08 -------- d-------- C:\Program Files\Common Files
2006-09-21 02:20 93633 --ahs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2006-09-21 00:44 -------- d--h----- C:\Program Files\Common Files\cloader
2006-09-21 00:36 -------- d-------- C:\Program Files\PSDream
2006-09-21 00:36 -------- d-------- C:\Program Files\PSCloner
2006-09-20 02:11 -------- d-------- C:\Program Files\DC++
2006-09-20 01:50 -------- d-------- C:\Program Files\RegistrySmart
2006-09-20 01:35 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-09-19 10:52 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 12:11 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Roxio
2006-09-11 10:23 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-05 09:02 -------- d-------- C:\Program Files\Symantec
2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-05 08:50 -------- d-------- C:\Program Files\Winamp
2006-09-04 20:13 -------- d-------- C:\Program Files\tgtsoft
2006-09-04 19:56 -------- d-------- C:\Program Files\GameHouse
2006-09-03 00:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-29 03:02 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Skype
2006-08-29 02:42 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\FarStone
2006-08-29 02:20 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-29 01:05 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-29 01:05 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-29 01:02 96256 --a------ C:\WINDOWS\system32\drivers\sptd7245.sys
2006-08-29 01:02 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-27 02:54 -------- d-------- C:\Program Files\Elaborate Bytes
2006-08-27 02:31 -------- d-------- C:\Program Files\CloneDVD
2006-08-25 03:25 -------- d-------- C:\Program Files\Activision
2006-08-25 02:57 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 02:40 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-08-25 02:40 -------- d-------- C:\Program Files\AutoCAD 2006
2006-08-25 02:39 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-25 02:39 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-08-25 02:37 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Autodesk
2006-08-25 02:27 -------- d-------- C:\Program Files\Autodesk
2006-08-25 02:12 -------- d-------- C:\Program Files\Smart Projects
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 16:08 153600 ---hs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
2006-08-16 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-08-16 01:55 674636 --a------ C:\WINDOWS\Zabranjeno Pusenje Screensaver.scr
2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-07-31 17:16 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-07-28 00:24 -------- d-------- C:\Program Files\PopCap Games
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 01:14 -------- d-------- C:\Program Files\Trymedia
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32 "= "svcnet.exe "
"cprocsvc "= "C:\\windows\\system32\\crunner\\cproc.exe "
"PSDream "= "\ "C:\\Program Files\\PSDream\\PSDream.exe\" "
"taskdir "= "C:\\windows\\system32\\taskdir.exe "
"Apou "= "\ "C:\\DOCUME~1\\NEDZAD\\APPLIC~1\\ICROSO~1\\nslookup.exe\" -vt yazb "
"Awuucb "= "C:\\Program Files\\S?mantec\\?poolsv.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup "
"urj59dfa "= "RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532 "
"Lexmark X74-X75 "= "\ "C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\" "
"BJCFD "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
"SystemLoader "= "C:\\windows\\sysldr32.exe "
"IPInSightMonitor 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\" "
"CaAvTray "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\" "
"IPInSightLAN 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l "
"BootSkin Startup Jobs "= "\ "C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs "
"WinampAgent "= "C:\\Program Files\\Winamp\\winampa.exe "
"UpdReg "= "C:\\WINDOWS\\UpdReg.EXE "
"BCMSMMSG "= "BCMSMMSG.exe "
"YBrowser "= "C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe "
"CAVRID "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\" "
"CloneCDElbyCDFL "= "\ "C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL "
"Microsoft Works Update Detection "= "C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe "
"Motive SmartBridge "= "C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe "
"nwiz "= "nwiz.exe /install "
"jrj59def "= "RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62 "
"YOP "= "C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart "
"jejqdrici "= "xcpvtp.exe autorun "
"win3208640330309 "= "C:\\windows\\win3208640330309.exe "
"sys02330309640 "= "C:\\windows\\sys02330309640.exe "
"AVG7_CC "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP "
"TheMonitor "= "C:\\windows\\Duce6.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000005
"Settings "=dword:00000001
"GeneralFlags "=dword:00000002

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source "= "C:\\windows\\warnhp.html "
"SubscribedURL "=" "
"FriendlyName "= "Desktop Uninstall "
"Flags "=dword:00002002
"Position "=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=dword:40000002
"OriginalStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,02,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE "

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper "=" "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"NoActiveDesktop "=dword:00000000
"ClassicShell "=dword:00000000
"ForceActiveDesktopOn "=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername "=dword:00000000
"legalnoticecaption "=" "
"legalnoticetext "=" "
"shutdownwithoutlogon "=dword:00000001
"undockwithoutlogon "=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=" "
"NoDriveTypeAutoRun "=dword:00000000
"NoDriveAutoRun "=dword:00001f00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"CDRAutoRun "=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"CDRAutoRun "=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
"CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
"WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
"SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
"UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l "
"item "= "Microsoft Office "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item "= "Microsoft Works Calendar Reminders "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinMXDownloadWinMX3.exe]
"location "= "Common Startup "
"item "= "WinMXDownloadWinMX3 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DirectCD "
"hkey "= "HKLM "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CursorXP]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "CursorXP "
"hkey "= "HKCU "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\diagent]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "diagent "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DiskeeperSystray]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DkIcon "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Portfolio]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "WksSb "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "msmsgs "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "qttask "
"hkey "= "HKLM "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "RealPlay "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioAudioCentral]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "RxMon "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DrgToDsc "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioEngineUtility]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "EngUtil "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "winampa "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Winamp\\winampa.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WorksFUD]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "wkfud "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Microsoft Works\\wkfud.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "ypager "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet "
"inimapping "= "0 "


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\windows\tasks\Symantec NetDetect.job

Completion time: Sat 09/23/2006 0:55:14.17
ComboFix.txt
ComboFix2.txt

 

GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-23 01:27:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8338F608
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8338F608
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 820C366C
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 82869A70
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 82869A70
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8DA285A] avgtdi.sys
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_NAMED_PIPE 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLOSE 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_READ 825CA4DC
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_WRITE 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_INFORMATION 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_INFORMATION 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_EA 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_EA 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FLUSH_BUFFERS 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_VOLUME_INFORMATION 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_VOLUME_INFORMATION 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DIRECTORY_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FILE_SYSTEM_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SHUTDOWN 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_LOCK_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLEANUP 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_MAILSLOT 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_SECURITY 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_SECURITY 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_POWER 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SYSTEM_CONTROL 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CHANGE 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_QUOTA 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_QUOTA 82ADD5C8
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_PNP 82ADD5C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8DA285A] avgtdi.sys
Device \Driver\00000069 \Device\00000056 IRP_MJ_POWER [F86E8F68] sptd.sys
Device \Driver\00000069 \Device\00000056 IRP_MJ_SYSTEM_CONTROL [F86FDA70] sptd.sys
Device \Driver\00000069 \Device\00000056 IRP_MJ_PNP [F86F6728] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 833D8270
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8332AD58
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 833D8270
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 826160A4
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8272CA48
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8272CA48

 

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8332AD58
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 833D8270
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 833D8270
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 83339A78

 

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLOSE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_READ 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_WRITE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_EA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FLUSH_BUFFERS 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DIRECTORY_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLEANUP 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_MAILSLOT 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_SECURITY 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_POWER 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SYSTEM_CONTROL 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CHANGE 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_QUOTA 83339A78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP 83339A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8332AD58
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8332AD58
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 82AE7D70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 82AE7D70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 82AE7D70
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CREATE 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CLOSE 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_CLEANUP 82AE7D70
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8CC1244-DF72-469D-B37A-52F6F8DD5E65} IRP_MJ_PNP 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 82AE7D70
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 82AE7D70
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ FE18CA4C
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8DA285A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8DA285A] avgtdi.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 8338F8C0
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 8338F8C0

 

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82612674
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82868CB8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8DA285A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82612674
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82868CB8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82868CB8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82616B7C
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 828825C0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 828825C0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 833D8270
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 833D8270
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82866054
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 820C6DC0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 820C6DC0
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_NAMED_PIPE 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLOSE 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_READ 82611514
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_WRITE 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_INFORMATION 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_INFORMATION 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_EA 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_EA 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FLUSH_BUFFERS 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_VOLUME_INFORMATION 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_VOLUME_INFORMATION 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DIRECTORY_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FILE_SYSTEM_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SHUTDOWN 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_LOCK_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLEANUP 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_MAILSLOT 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_SECURITY 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_SECURITY 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_POWER 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SYSTEM_CONTROL 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CHANGE 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_QUOTA 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_QUOTA 821138D8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_PNP 821138D8

 

Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE_NAMED_PIPE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CLOSE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_READ 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_WRITE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_EA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_EA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_FLUSH_BUFFERS 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_VOLUME_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_VOLUME_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DIRECTORY_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_FILE_SYSTEM_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DEVICE_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_INTERNAL_DEVICE_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SHUTDOWN 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_LOCK_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CLEANUP 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_CREATE_MAILSLOT 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_SECURITY 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_SECURITY 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_POWER 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SYSTEM_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_DEVICE_CHANGE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_QUERY_QUOTA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_SET_QUOTA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1 IRP_MJ_PNP 830EB958
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_READ 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_READ 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_WRITE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8328B2F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 8328B2F8
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CLOSE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_READ 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_WRITE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_EA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_EA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SHUTDOWN 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CLEANUP 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_SECURITY 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_POWER 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_SET_QUOTA 830EB958
Device \Driver\ElbyVCD \Device\Scsi\ElbyVCD1Port0Path0Target0Lun0 IRP_MJ_PNP 830EB958

 

Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_NAMED_PIPE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_READ 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_WRITE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_EA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_EA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FLUSH_BUFFERS 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_VOLUME_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DIRECTORY_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SHUTDOWN 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_LOCK_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLEANUP 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_MAILSLOT 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_SECURITY 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_SECURITY 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CHANGE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_QUOTA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_QUOTA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_READ 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 830D9950
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 830D9950
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 820C366C
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 82869A70
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 82869A70
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 830AFFAC
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 830AFFAC
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 830AFFAC
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 830AFFAC
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 830AFFAC
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ FBDFA834
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8259BAF0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8259BAF0

---- Modules - GMER 1.0.11 ----

Module _________ F8613000

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----

 

Ok looks like we need to scan with an anti-spyware tool, that rootkit sure did hide alot of stuff.

Download Ewido Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

• Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
• Once the setup is complete you will need run ewido and update the definition files.
• On the main screen select the icon "Update" then select the "Update now" link.

• Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
• Under "Reports "

• Select "Automatically generate report after every scan "
• Un-Select "Only if threats were found "

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
Reboot, into safe mode, this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
   • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
   • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
   • ewido will now begin the scanning process, be patient this may take a little time.
     Once the scan is complete do the following:
   • If you have any infections you will prompted, then select "Apply all actions "
   • Next select the "Reports" icon at the top.
   • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
   • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.(Please edit out any cookie references)
   Please also run ComboFix again, then HJT and post those logs along with the Ewido log.

 

NEDZAD - 06-09-23 12:43:34.45 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\NEDZAD\Desktop\New Folder (2) "

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\Duce6.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\nslookup.exe
C:\QooBox\Purity\Documents and Settings\NEDZAD\Application Data\ICROSO~1\?icrosoft
C:\QooBox\Purity\Program Files\SMANTE~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-23 01:13 163,840 --a------ C:\WINDOWS\sys09403303096.exe
2006-09-22 13:25 163,840 --a------ C:\WINDOWS\sys02330309640.exe
2006-09-21 01:24 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-09-21 01:23 54,484 --a------ C:\WINDOWS\system32\image.gif.exe
2006-09-16 21:36 163,840 --a------ C:\WINDOWS\sys033030964032006.exe
2006-09-14 00:58 69,616 --a------ C:\WINDOWS\system32\lzx32.sys
2006-09-14 00:39 126,976 --ah----- C:\WINDOWS\system32\tbhogt.dll
2006-09-13 00:46 76,288 --a--c--- C:\owodkr.exe
2006-09-13 00:36 4,786 --a------ C:\WINDOWS\system32\sachosts.exe
2006-09-13 00:35 9,906 --a------ C:\WINDOWS\system32\sachostp.exe
2006-09-13 00:35 16,404 --a--c--- C:\tvlc.exe
2006-09-13 00:34 3,749 --a------ C:\WINDOWS\sysldr32.exe
2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\urj59dfa.sys
2006-09-13 00:34 1,233 --a------ C:\WINDOWS\system32\jrj59def.sys
2006-09-13 00:33 186,219 --a------ C:\WINDOWS\srviqkckwn.exe
2006-09-13 00:33 16,404 --a------ C:\WINDOWS\9129837.exe
2006-09-13 00:31 76,288 --a--c--- C:\vowvv.exe
2006-08-29 02:36 53,248 --------- C:\WINDOWS\system32\RemFarStone.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 12:44 106496 --a------ C:\WINDOWS\Duce6.exe
2006-09-23 12:41 -------- d-------- C:\Program Files\hijackthis
2006-09-23 12:32 -------- d-------- C:\Program Files\SBC Self Support Tool
2006-09-23 12:29 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 11:55 -------- d-------- C:\Program Files\Common Files
2006-09-22 14:15 -------- d-------- C:\Program Files\Common Files\ofiu
2006-09-22 13:36 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-22 13:36 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-22 13:36 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-22 13:36 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-22 13:36 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-22 13:36 -------- d---sc--- C:\Documents and Settings\NEDZAD\Application Data\Microsoft
2006-09-22 13:36 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\AVG7
2006-09-22 13:36 -------- d-------- C:\Program Files\Grisoft
2006-09-22 02:02 -------- d-------- C:\Program Files\Yahoo!
2006-09-21 02:20 93633 --ahs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2006-09-21 00:44 -------- d--h----- C:\Program Files\Common Files\cloader
2006-09-21 00:36 -------- d-------- C:\Program Files\PSDream
2006-09-21 00:36 -------- d-------- C:\Program Files\PSCloner
2006-09-20 02:11 -------- d-------- C:\Program Files\DC++
2006-09-20 01:50 -------- d-------- C:\Program Files\RegistrySmart
2006-09-20 01:35 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-09-19 10:52 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 12:11 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Roxio
2006-09-11 10:23 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-05 09:02 -------- d-------- C:\Program Files\Symantec
2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-05 09:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-05 08:50 -------- d-------- C:\Program Files\Winamp
2006-09-04 20:13 -------- d-------- C:\Program Files\tgtsoft
2006-09-04 19:56 -------- d-------- C:\Program Files\GameHouse
2006-09-03 00:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-29 03:02 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Skype
2006-08-29 02:42 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\FarStone
2006-08-29 02:20 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-29 01:05 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-29 01:05 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-29 01:02 96256 --a------ C:\WINDOWS\system32\drivers\sptd7245.sys
2006-08-29 01:02 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-27 02:54 -------- d-------- C:\Program Files\Elaborate Bytes
2006-08-27 02:31 -------- d-------- C:\Program Files\CloneDVD
2006-08-25 03:25 -------- d-------- C:\Program Files\Activision
2006-08-25 02:57 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 02:40 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-08-25 02:40 -------- d-------- C:\Program Files\AutoCAD 2006
2006-08-25 02:39 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-25 02:39 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-08-25 02:37 -------- d----c--- C:\Documents and Settings\NEDZAD\Application Data\Autodesk
2006-08-25 02:27 -------- d-------- C:\Program Files\Autodesk
2006-08-25 02:12 -------- d-------- C:\Program Files\Smart Projects
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-08-16 01:55 674636 --a------ C:\WINDOWS\Zabranjeno Pusenje Screensaver.scr
2006-07-31 17:16 26787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-07-28 00:24 -------- d-------- C:\Program Files\PopCap Games
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 01:14 -------- d-------- C:\Program Files\Trymedia
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32 "= "svcnet.exe "
"cprocsvc "= "C:\\windows\\system32\\crunner\\cproc.exe "
"PSDream "= "\ "C:\\Program Files\\PSDream\\PSDream.exe\" "
"taskdir "= "C:\\windows\\system32\\taskdir.exe "
"Apou "= "\ "C:\\DOCUME~1\\NEDZAD\\APPLIC~1\\ICROSO~1\\nslookup.exe\" -vt yazb "
"Awuucb "= "C:\\Program Files\\S?mantec\\?poolsv.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup "
"urj59dfa "= "RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532 "
"Lexmark X74-X75 "= "\ "C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\" "
"BJCFD "= "C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe "
"SystemLoader "= "C:\\windows\\sysldr32.exe "
"IPInSightMonitor 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\" "
"CaAvTray "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\" "
"IPInSightLAN 02 "= "\ "C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l "
"BootSkin Startup Jobs "= "\ "C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs "
"WinampAgent "= "C:\\Program Files\\Winamp\\winampa.exe "
"UpdReg "= "C:\\WINDOWS\\UpdReg.EXE "
"BCMSMMSG "= "BCMSMMSG.exe "
"YBrowser "= "C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe "
"CAVRID "= "\ "C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\" "
"CloneCDElbyCDFL "= "\ "C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL "
"Microsoft Works Update Detection "= "C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe "
"Motive SmartBridge "= "C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe "
"nwiz "= "nwiz.exe /install "
"jrj59def "= "RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62 "
"YOP "= "C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart "
"jejqdrici "= "xcpvtp.exe autorun "
"sys02330309640 "= "C:\\windows\\sys02330309640.exe "
"AVG7_CC "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP "
"sys09403303096 "= "C:\\windows\\sys09403303096.exe "
"!ewido "= "\ "C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized "
"TheMonitor "= "C:\\windows\\Duce6.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000005
"Settings "=dword:00000001
"GeneralFlags "=dword:00000002

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source "= "C:\\windows\\warnhp.html "
"SubscribedURL "=" "
"FriendlyName "= "Desktop Uninstall "
"Flags "=dword:00002002
"Position "=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=dword:40000002
"OriginalStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,02,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE "

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "ewido anti-spyware 4.0 "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper "=" "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"NoActiveDesktop "=dword:00000000
"ClassicShell "=dword:00000000
"ForceActiveDesktopOn "=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername "=dword:00000000
"legalnoticecaption "=" "
"legalnoticetext "=" "
"shutdownwithoutlogon "=dword:00000001
"undockwithoutlogon "=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=" "
"NoDriveTypeAutoRun "=dword:00000000
"NoDriveAutoRun "=dword:00001f00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"CDRAutoRun "=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"CDRAutoRun "=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
"CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
"WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
"SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
"UPnPMonitor "= "{e57ce738-33e8-4c51-8354-bb4de9d215d1} "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l "
"item "= "Microsoft Office "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item "= "Microsoft Works Calendar Reminders "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinMXDownloadWinMX3.exe]
"location "= "Common Startup "
"item "= "WinMXDownloadWinMX3 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DirectCD "
"hkey "= "HKLM "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CursorXP]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "CursorXP "
"hkey "= "HKCU "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\diagent]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "diagent "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DiskeeperSystray]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DkIcon "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Portfolio]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "WksSb "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "msmsgs "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "qttask "
"hkey "= "HKLM "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "RealPlay "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioAudioCentral]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "RxMon "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "DrgToDsc "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioEngineUtility]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "EngUtil "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "winampa "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Winamp\\winampa.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WorksFUD]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "wkfud "
"hkey "= "HKLM "
"command "= "C:\\Program Files\\Microsoft Works\\wkfud.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "ypager "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet "
"inimapping "= "0 "


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\windows\tasks\Symantec NetDetect.job

Completion time: Sat 09/23/2006 12:46:04.43
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

 

Logfile of HijackThis v1.99.1
Scan saved at 12:42:03 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\PAStiSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\windows\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\windows\sysldr32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\windows\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\BCMSMMSG.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\windows\sys02330309640.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\Duce6.exe
C:\windows\sys09403303096.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\PSDream\PSDream.exe
C:\Program Files\SBC Self Support Tool\bin\MotiveBrowser.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\SBC Self Support Tool\bin\mad.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [urj59dfa] RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [jrj59def] RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [jejqdrici] xcpvtp.exe autorun
O4 - HKLM\..\Run: [sys02330309640] C:\windows\sys02330309640.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TheMonitor] C:\windows\Duce6.exe
O4 - HKLM\..\Run: [sys09403303096] C:\windows\sys09403303096.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [cprocsvc] C:\windows\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe "
O4 - HKCU\..\Run: [taskdir] C:\windows\system32\taskdir.exe
O4 - HKCU\..\Run: [Apou] "C:\DOCUME~1\NEDZAD\APPLIC~1\ICROSO~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Awuucb] C:\Program Files\S?mantec\?poolsv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = bin\matcli.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\windows\System32\PAStiSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

 

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:56:57 AM 9/23/2006

+ Scan result:



C:\Documents and Settings\NEDZAD\Desktop\sp\Spyware.Doctor.v3.8.0.1555.WinAll.Cracked.PROPER.READ.NFO-CRD.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\sp\Spyware.Doctor.v3.8.0.1557.Cracked-SnD..exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\system32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\TkVEWkFEIE1BSkRBTkFD\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\TkVEWkFEIE1BSkRBTkFD\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\upgradetb093.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1343024091-2049760794-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\SMANTE~1\ѕpoolsv.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp\heur001.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp\heur003.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp\Uninstall.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\Program Files\Common Files\ofiu\ofiud\ofiuc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\SolSuite 2005 v5.7 With Crack (Works).zip/SolSuite 2005 v5.7 With Crack (Works).exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\SolSuite 2006 v6.5 WinALL Cracked-CRUDE -Read .NFO-.zip/SolSuite 2006 v6.5 WinALL Cracked-CRUDE -Read .NFO-.exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\[PC Game ITA] NBA Live 2006 Crack + Patch ITA + Update Teams al 07-03-06.zip/[PC Game ITA] NBA Live 2006 Crack + Patch ITA + Update Teams al 07-03-06.exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\rebuilt.SolSuite 2005 v5.7 With Crack (Works).zip/SolSuite 2005 v5.7 With Crack (Works).exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\temporary f\SolSuite 2006 v6.5 WinALL Cracked-CRUDE -Read .NFO-.exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
F:\DOWNLOAD\SolSuite 2005 v5.7 With Crack (Works).zip/SolSuite 2005 v5.7 With Crack (Works).exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
F:\DOWNLOAD\SolSuite 2006 v6.5 WinALL Cracked-CRUDE -Read .NFO-.zip/SolSuite 2006 v6.5 WinALL Cracked-CRUDE -Read .NFO-.exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
F:\DOWNLOAD\rebuilt.SolSuite 2005 v5.7 With Crack (Works).zip/SolSuite 2005 v5.7 With Crack (Works).exe -> Downloader.Small.dnt : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.1.5_by_TSRH.zip/clonecd.4.3.1.5.keygen-tsrh.zip.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.1.6_by_TSRH.zip/clonecd.4.3.1.6.keygen-cdr-soft.host.sk.zip.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Desktop\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.3.1_by_TSRH.zip/clonecd.4.3.3.1.keygen-tsrh.exe -> Hijacker.Small : Cleaned with backup (quarantined).
F:\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.1.5_by_TSRH.zip/clonecd.4.3.1.5.keygen-tsrh.zip.exe -> Hijacker.Small : Cleaned with backup (quarantined).
F:\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.1.6_by_TSRH.zip/clonecd.4.3.1.6.keygen-cdr-soft.host.sk.zip.exe -> Hijacker.Small : Cleaned with backup (quarantined).
F:\DOWNLOAD\CLONECD\crack\CRACK[1].CD-CloneCD_v4.3.3.1_by_TSRH.zip/clonecd.4.3.3.1.keygen-tsrh.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TheMatrixHasYou.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Cj : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@ehg-sportingbet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\NEDZAD\Cookies\nedzad@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ahobddcc.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\apdiigah.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eleekdbg.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\floogpac.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\goiablae.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\base64.tmp -> Worm.NetSky.q : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\321 Studios GamesXCopy 1.0.8 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\3D Studio Max 6 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ABBYY FineReader Pro 7.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ACDSee PowerPack 7.0.43 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ACDSee v7.0 Powerpack 7.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\AOL Instant Messenger (AIM).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ad-aware Pro Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ad-aware Professional.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ad-aware.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Acrobat Reader crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Acrobat Reader.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe After Effects PRO v6.5 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Golive v6.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Illustrator v10.0 Time Limit Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe ImageReady v1.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe PageMaker v7.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Photoshop 7 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Photoshop CS 8 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Photoshop CS crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Photoshop all.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adobe Serial Generator v2.0.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Adult Tetris 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Age Of Mythology - The Titans no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Age Of Mythology no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Age of Empires II The Age of Kings NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Agnitum Outpost Firewall 2.5.369 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ahead Nero Burning 6.6.0.3 Ultra Edition keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Alcohol 120% v1.9.2 build 1705 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Alias Acclaim crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\All Macromedia Products Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\All-in-One Secretmaker.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Anti-Trojan 4.0.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\AnyDVD 3.9.2.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\AnyDVD 4.0.4.1 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\AquaZone Desktop Garden 1.0.1.1 full crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ares Galaxy.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ares Lite.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Avant Browser.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Babylon Pro 5.0.0 (r78) crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Babylon Pro 5.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Backyard Baseball 2003 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Backyard Wrestling 2 - There Goes the Neighborhood Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).

 

C:\WINDOWS\system32\msview\Backyard Wrestling 2 - There Goes the Neighborhood Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Battlefield 1942 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Battlefield Vietnam EA Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Battlefield Vietnam Multiplayer Online Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Besieger DreamCatcher Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\BitComet.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Blindwrite Suite 4.5.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Blinx 2 - Masters of Time & Space Microsoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Blitzkrieg - Burning Horizon CDV Software GmbH crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CCALG - Credit Card Generator.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Call Of Duty no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Call of Duty Activision crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\City of Heroes NCsoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Civilization III crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Classic NES Series - The Legend of Zelda GBA Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Clone DVD 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneCD 2.x Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneCD 3.x Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneCD 5.0.2.2 crackcrack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneCD 5.0.4.5 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneCD All Version KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD 2.1.0.2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD 2.5.4.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD v1.x crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD v3.0.25 Retail crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD2 v2.4.3.5 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD2 v2.4.5.4 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CloneDVD2 v2.5.3.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Command & Conquer - Generals Zero Hour EA Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Command & Conquer - Generals Zero Hour no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Command & Conquer - Generals no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CopyToDVD 3.0.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Corel Draw Graphics Suite 12.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Counter-Strike Condition Zero Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Crusader Kings Paradox Entertainment crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Cubase Audio XT 3.X crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\CyberLink PowerDVD v6.0 Deluxe7 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DFX Audio Enhancement 2.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DRIV3R Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DVD Region-Free 5.5 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DVDXCopy Platinum 4.0.3.8 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dark Age Of Camelot - Trials Of Atlantis no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dark Matter - The Baryon Proj crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Deus Ex Invisible War NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Diablo 2 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dialupass 2.43 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DivX Player (with DivX Codec).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\DivX Player Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Doom 3 Activision crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Doom 3 NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Doom 3 SDK keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Doom 3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dope Wars Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Download Accelerator Plus V7.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Download Accelerator Plus v7.2 Premium crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Download Accelerator Plus.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dr Divx Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dr.Divx 1.0.6 Build 105 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dragon Ball Z - Budokai 3 Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dragon Ball Z - Supersonic Warriors GBA Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dragon Warrior VIII Square Enix crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dungeon Lords DreamCatcher Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Dungeon Siege no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ESPN NFL 2K5 Sega crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Easy CD-DA Extractor 7.1.3.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Easy CD-DA Extractor 7.13.2 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Enter the Matrix Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\F.E.A.R. VU Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FTP Server Serv-U 5.1 Coporate Edition crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Fable Microsoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Far Cry Ubisoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Fifa 2005 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Final Fantasy VII - Advent Children PSP Square Enix crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Final Fantasy XI - Square Enix USA no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Final Fantasy XII Square Enix crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Fire Emblem - Seima no Kouseki GBA Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP 2 RC2 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP All Version KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP v1.4.1 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP v1.4.3 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP v2.0 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP v2.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashFXP v2.2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FlashGet.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Forgotten Realms - Demon Stone Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Forgotten Realms - Demon Stone crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Free Internet TV 3.2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Freedom Force no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Front Mission 4 Square Enix crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\FrontPage XP 2002 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Full Spectrum Warrior THQ crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\GTA crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\GX Transcoder 2.10.2350 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Geist GC Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\GetRight 5.2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Goblin Commander - Unleash the Horde Jaleco Entertainment crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Gran Turismo 4 SCEA crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grand Theft Auto - San Andreas Rockstar Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grand Theft Auto 3 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grand Theft Auto III no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grand Theft Auto San Andreas NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grand Theft Auto Vice City NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Grokster.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Gunbound Trainer.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Half-Life 2 Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Half-Life 2 NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Half-Life 2 VU Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Half-Life 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Halo - Combat Evolved - Microsoft no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Halo 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Harry Potter and the Prisoner of Azkaban Adventure EA Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Harry Potter and the Sorcerers Stone no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Heroes of Might and Magic IV no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Hidden and Dangerous 2 NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\HijackThis.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ICQ 4.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ICQ Pro 2003b.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Icewind Dale 2 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Internet Download Manager v4.02 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\IsoBuster Professional v1.7.0.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Jedi Academy NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\JetAudio Basic.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Joint Operations - Typhoon Rising NovaLogic crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Juiced Acclaim crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\K-Lite Codec Pack v2.31 Full crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\K-Lite Mega Codec Pack 1.13 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Kaspersky Anti-Hacker v1.7 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Kazaa Download Accelerator Pro.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Kingdom Hearts II Square Enix crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Knights Apprentice Memoricks Adventures Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\LOTR NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\LimeWire (International).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\LimeWire server scanner.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\LimeWire.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MP3 Doctor 5.11.15 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MS Office XP Activation Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MS Zoo Tycoon no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MSN Messenger (Windows XP).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MSN Toolbar advert remover.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MSN Toolbar.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MSN advert remover.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MVP Baseball 2004 EA crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia ColdFusion MX crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Contribute v2.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Director 8 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Dreamweaver 4.0 Patch.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Dreamweaver MX 2004 7.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Dreamweaver MX v6.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Dreamweaver UltraDev 4.0 Patch.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Fireworks 4.0 Patch.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Flash 5 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Flash All Versions keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Flash MX v6.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia Flash SWF-Unprotect v2.0.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Macromedia FreeHand v10 Loader.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Madden NFL 2003 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Madden NFL 2005 EA crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mafia no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MagicScore maestro 3.5 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Malice Mud Duck Productions crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mario Pinball Land GBA Puzzle Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mario Tennis GC Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Matrix Screensaver.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Max Payne 2 Fall Of Max Payne no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Max Payne 2 NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Max Payne 2 The Fall of Max Payne NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MaxPayne 2 The Fall Of Max Payne Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\McAfee VirusScan 9.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\McFarlanes Evil Prophecy Konami crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).

 

C:\WINDOWS\system32\msview\Medal Of Honor - Allied Assault BreakThrough no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Medal Of Honor - Allied Assault no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Medal of Honor Pacific Assault EA Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Medal of Honor- Allied Assault no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Medieval - Total War no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mega Man Anniversary Collection GC Capcom crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Metal Gear Acid PSP Konami crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Metal Gear Solid 3 - Snake Eater Konami crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Flight Simulator 2004 - A Century Of Flight no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office 2000 Regmaker.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office XP Activation Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office XP Activation Killer.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office XP Professional Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office XP Professional Serial.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Office XP Universal Activator v1.0.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Windows Media Player.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Windows XP Professional ( Corp key ) keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Microsoft Windows Xp Profesional Sp 2 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Midnight Club 3 - DUB Edition Rockstar Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Monopoly 3 ISO crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Monopoly 3 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Morpheus.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mortal Kombat 4 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Mozilla Firefox.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MusicMatch Jukebox Plus 9.00 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\MyIE2.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NBA Live 2003 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NBA Live 2004 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NCAA Football 2005 EA crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NERO 6.6.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NOD32 Antivirus 2.12.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need For Speed 5 - no cd.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Hot Pursuit 2 CD KeyGenerator.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Underground 2 Electronic Arts crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Underground 2 NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Underground 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Underground Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed Underground NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for Speed4 - NOCD.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Need for speed underground - nocd.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NeedforspeedUnderground-nocd.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero 6 Ultra Edition 6.6.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero 6 Ultra Edition Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero 6 Ultra Edition KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero 6 Ultra Edition.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero 6.6.0.3 Ultra crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero Burning ROM v6.x crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero Burning Rom 6.6.0.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero Burning Rom Reloaded 6.6.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero Reloaded 6.6.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Nero Ultra Edition 6.6.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NetPumper Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\NetPumper.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Ninja Gaiden Tecmo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norman Virus Control 5.70 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norton AntiSpam 2004 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norton AntiVirus 2004 Professional Edition keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norton AntiVirus 2004 Professional activation keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norton AntiVirus 2004 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Norton Personal Firewall 2005 retail crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Onimusha 3 - Demon Siege Adventure Capcom crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\PINNACLE STUDIO PLUS V9.3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\PhotoShop CS 8.0 & ImageReady CS 8.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\PhotoShop CS v8.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Plus! Media Center Edition crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\PowerDVD v5.9 Deluxe crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Psi-Ops - The Mindgate Conspiracy Midway crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Purge Jihad Freeform Interactive LLC crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Quake 3 - The Arena NO CD Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\QuickTime.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RYL crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RealPlayer Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RealPlayer crack (keygen).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RealPlayer.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Red Dead Revolver Rockstar Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Registry Mechanic 3.0 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Registry Mechanic Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Registry Mechanic.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Resident Evil 4 GC Adventure Capcom crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Rise of Nations - Thrones & Patriots Microsoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RoboForm crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RoboForm.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Roller Coaster Tycoon no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\RollerCoaster Tycoon NO CD Crack (Including Attractions Pack).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Rollercoaster Tycoon 3 3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Second Life Linden Lab crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Serials 2000 v7.1 Plus (build 06.16.04) keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Shadow Ops - Red Mercury Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ShellShock - Nam 67 Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Shockwave Player.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Silent Storm - Sentinels _No Company crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sim City 4 - Rush Hour no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sim City 4 Deluxe no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sim Theme Park World no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sims 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Singles - Flirt Up Your Life Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Snood Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Snood.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Snowblind Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\SolSuite 2004 - Solitaire Card Games Suite Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\SolSuite 2004 - Solitaire Card Games Suite.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Soldier of Fortune II- Double Helix no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sonic the Hedgehog 3 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spider-Man 2 Activision crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spider-Man 2 GC Activision crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sponge Bob Square Pants - Operation Krabby Patty no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spy Sweeper 3.2 147 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\SpyHunter Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\SpyHunter.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spybot - Search & Destroy.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware Doctor 2.1.0.254 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware Doctor Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware Doctor V3 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware Doctor v3.0.0.288 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware Doctor.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Spyware doctor 2.1 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\SpywareBlaster.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars - Jedi Knight - Jedi Academy no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars - Knights of the Old Republic LucasArts crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars Galactic Battlegrounds- Clone Campaigns no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars Jedi Knight II - Jedi Outcast no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars Jedi Knight II- Jedi Outcast no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Star Wars Knights of the Old Republic II - The Sith Lords LucasArts crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Starcraft - Battlechest no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Strip Poker 2004 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Super dvd Creator 7.5 7.5 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Sygate Personal Firewall PRO v5.5 Build 2577 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Symantec Ghost 8.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Symatec System Center V9.0.0.338 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Chronicles of Riddick - Escape From Butcher Bay VU Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Elder Scrolls III - Morrowind Game of the Year Edition Bethesda Softworks crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Legend of Zelda (working title) GC Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Legend of Zelda - Four Swords Adventures GC Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Legend of Zelda - The Minish Cap GBA Nintendo crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Lord of the Rings - The Battle for Middle-Earth crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Lord of the Rings The Battle for Middle-earth EA Games crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Lord of the Rings The Return of The King crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims - Hot Date Expansion Pack no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims - Makin Magic Expansion Pack no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims - Superstar Expansion Pack no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims - Unleashed Expansion Pack no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims - Vacation Expansion Pack no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims 2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims Deluxe no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims Double Deluxe no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Sims- Vacation no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).

 

C:\WINDOWS\system32\msview\The Suffering Encore Software Inc. crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The Suffering Midway crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\The lord of the rings the battle for middle earth crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Thief - Deadly Shadows Eidos Interactive crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tiger Woods PGA Tour 2004 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tom Clancy's Splinter Cell Pandora Tomorrow crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tom Clancys Ghost Recon - Desert Siege no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tom Clancys Splinter Cell Pandora Tomorrow Ubisoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tom Clancys Splinter Cell Ubisoft crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tony Hawks Underground crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Total Commander v6.03a PowerPack 25 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Trillian Pro v3.0.950 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Trillian crasher.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Trillian.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Tweak-XP Pro 4.0.2 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Unreal Tournament 2003 no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Unreal Tournament 2004 Atari crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Unreal Tournament 2004 Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Unreal Tournament 2004 NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Unreal Tournament 2004 crack (keygen).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Vampire - The Masquerade - Bloodlines Activision crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\VirtualLab Data Recovery crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\VirtualLab Data Recovery.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Virtuosa Phoenix Edition Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WWE Day of Reckoning GC THQ crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WWE SmackDown! vs. Raw THQ crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Warcraft III - Reign Of Chaos no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Warez P2P.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WebRoot Spy Sweeper 3.5.0.189 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WebSite Watcher v4.02 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Webroot Spy Sweeper Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Webroot Spy Sweeper.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinDVD Platinum 5.0.26.23 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinMX.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR 3.30 Corporate Ed crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR 3.x Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR All KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR crack (keygen).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR v3.20 Final keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR v3.30 Final keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR v3.41 Final keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinRAR.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZIP v9.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip 9.x Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip All KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip All Versions keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip Self-Extractor v2.2 Patch.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip Self-Extractor v2.2 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip v8.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip v9.0 Registration.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\WinZip.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Winace 2.x Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Winamp 5.03 Full crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Winamp Full.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows Server 2003 SP1 Build 1039-2l crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows XP Activation Crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows XP Pro 64-bit crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows XP Professional crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows XP SP2 KeyGen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Windows XP home edition Activation.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Winzip keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\World of Warcraft Blizzard Entertainment crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Worms Armageddon NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\XBOX X-Fer Ripper and Transfer.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\XP Slipstreamer v1.0 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Yahoo Messenger.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Yoshinoya Success crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ZeroSpyware Lite.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Zone Alarm Security Suite 5.5.062 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ZoneAlarm crack (keygen).exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\ZoneAlarm.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Zoo Tycoon - Complete Collection no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Zoo Tycoon no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\Zoo Tycoon- Dinosaur Digs no cd crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\acdsee 7.0.61 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\babylon-pro 5.0.1 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\dBpowerAmp Music Converter.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\eMule.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\iMesh.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\mIRC 6.X crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\mirc 6.1x reg entries.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\mp3DirectCut 1.38 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\nVidia nTune 2005 keygen.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\norton 2005 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\norton antivirus 2005 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\norton internet security 2005 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msview\windows server 2003 crack.exe -> Worm.Tibick.d : Cleaned with backup (quarantined).


::Report end

 

Ok, I'm noticing alot of the Ewido items found have 'crack.exe', do you have any apps on your system which are indeed illegally gotten from warez\crack sites? If so, please be sure and remove all traces of them and play it smart and safe and stay away from all of those types of sites. Nothing but trouble waiting to happen at any of those sites. They are frequently used to spawn all sorts of nasties and are also used by anti-spyware researchers to garner new file infections.

1) Please download the Killbox.
Save it to the desktop and run it.

2) Select "Delete on Reboot ", and then select "All files ".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\sys02330309640.exe
C:\WINDOWS\sys09403303096.exe
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\system32\image.gif.exe
C:\WINDOWS\sys033030964032006.exe
C:\WINDOWS\system32\lzx32.sys
C:\WINDOWS\system32\tbhogt.dll
C:\owodkr.exe
C:\WINDOWS\system32\sachosts.exe
C:\WINDOWS\system32\sachostp.exe
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\system32\urj59dfa.sys
C:\tvlc.exe
C:\WINDOWS\system32\jrj59def.sys
C:\WINDOWS\9129837.exe
C:\vowvv.exe
C:\WINDOWS\srviqkckwn.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Common Files\ofiu
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\cloader
C:\Program Files\PSDream
C:\Program Files\PSCloner
C:\Program Files\DC++


4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard ".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Run Hijackthis and look over the following entries I have listed(some may not be listed due to previous instructions(, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\windows\system32\WinNB58.dll (file missing)


O4 - HKLM\..\Run: [urj59dfa] RUNDLL32.EXE w521c532.dll,n 00459df600000005521c532

O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe

O4 - HKLM\..\Run: [jrj59def] RUNDLL32.EXE w521bd62.dll,n 00459deb00000005521bd62

O4 - HKLM\..\Run: [jejqdrici] xcpvtp.exe autorun

O4 - HKLM\..\Run: [sys02330309640] C:\windows\sys02330309640.exe

O4 - HKLM\..\Run: [TheMonitor] C:\windows\Duce6.exe

O4 - HKLM\..\Run: [sys09403303096] C:\windows\sys09403303096.exe

O4 - HKCU\..\Run: [Shellapi32] svcnet.exe

O4 - HKCU\..\Run: [cprocsvc] C:\windows\system32\crunner\cproc.exe

O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe "

O4 - HKCU\..\Run: [taskdir] C:\windows\system32\taskdir.exe

O4 - HKCU\..\Run: [Apou] "C:\DOCUME~1\NEDZAD\APPLIC~1\ICROSO~1\nslookup.exe " -vt yazb

O4 - HKCU\..\Run: [Awuucb] C:\Program Files\S?mantec\?poolsv.exe


O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)

Reboot and run ComboFix first, then HJT and post both logs back into this thread.

 

Logfile of HijackThis v1.99.1
Scan saved at 2:55:14 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\windows\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\PAStiSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\windows\sysldr32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\BCMSMMSG.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\windows\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SystemLoader] C:\windows\sysldr32.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe "
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe "
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = bin\matcli.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\windows\System32\PAStiSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE