CastleCops, Internet Crime Fighters

[DONE]Need Help - Possible Rootkit
ED_H

Trooper

Joined: Jul 22, 2006
Posts: 19
Location: USA

Posted: Tue Aug 07, 2007 4:05 pm    Post subject: Need Help - Possible Rootkit

If I run AVG Anti Rootkit it says I have a hidden driver file; I have not deleted it due to a lack of experience with rootkits. If I run CCleaner and reboot, AVG still shows a driver but it changes its name (see AVG Logs). I have also run GMER, RKU, and HijackThis. Could someone please read the logs and advise me on my next move?

Thanks,
Ed




Attachment: Gmer Log.txt (189.46 KB)
Attachment: RKU Log.txt (5.24 KB)
Attachment: hijackthis.txt (8.12 KB)

ED_H

Trooper

Joined: Jul 22, 2006
Posts: 19
Location: USA

Posted: Tue Aug 07, 2007 4:07 pm    Post subject:

I guess I was past the limit for attachments. Here are the AVG logs.

Thanks,
Ed




Attachment: AVG1.txt (122 Bytes)
Attachment: AVG2.txt (122 Bytes)
Attachment: AVG3.txt (122 Bytes)

PCBruiser

SRT Team Lead
Forums Admin

Joined: May 11, 2005
Posts: 11723

1st Responder Mentors 1st Responders Forums Admin MIRT Moderators Premium Rootkit Experts Security Experts SRT Team CC Committee

Posted: Tue Aug 07, 2007 7:03 pm    Post subject:

Hi,

Let's start this at the beginning. First, we don't open attachments because "bad guys" have been known to attack us using self-executing ones from time-to-time. So, please open each of them using as many posts as necessary to post them all fully.

When you do open each in Notepad, go to the Format menu and uncheck Word Wrap - that makes reading logs much easier, then copy/paste them into a post, and do not use either a Code or Quote box to post them.

I want to look at your HJT log first, and will probably have you run some tests to see if you have any "normal" malware on your system. Now, here's the question: what caused you to want to run all these things in the first place? Having any system issues?

You should know two things:

1. Most anti-rootkit software creates randomly named hidden driver services in order to function correctly, and disguise themselves from malware/rootkits.

2. GMER and RKU may interfere with each other's operation, causing either or both of them to not work properly or report incorrectly what they find.

So, maybe there's a problem, and maybe not.


_________________
Don't read? Can't learn!
ED_H

Trooper

Joined: Jul 22, 2006
Posts: 19
Location: USA

Posted: Tue Aug 07, 2007 7:43 pm    Post subject:

Causes: My system hasn't seemed quite right lately: monitor hiccups occasionally, system seems sluggish, longer than normal reboot. Ran Spy Sweeper last night; it usually runs a full scan in less than a half hour, but at two hours it was still running (found nothing). Nothing outright blatant, just not 100%.

Actions: Ran CCleaner, Window Washer, Reboot.
Ran AVG Anti Virus, Spy Sweeper, Spybot S&D, WD Diagnostics. All programs had newest updates and found nothing. Then ran Sophos Anti-Rootkit and AVG Anti-Rootkit; both usually come up clean, but AVG found hidden drivers.

I started doing some reading here in CastleCops and figured I needed to ask for some help.

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:42 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SageTV\SageTV\SageTVService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Maxthon\maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Ed\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: SEAGULL J Walk Java Client 3_3C10 - http://njraccount.njresources.com/jwalk/jwalk_ie.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.mushkin.com/_detect/InSPECS3_0.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184172650796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184172620718
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://americaschoice.lifepics.com/net/Uploader/ImageUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://americaschoice.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8310 bytes
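
The HijackThis log format posted above, split into its sections, as an added example that is not part of the original thread and is not HijackThis code. It flags O23 services a reviewer would check by hand first (a flag is a prompt to look, not a verdict) and reports lines broken by word wrap; `parse_hjt`, `parse_service` and `review_services` are names made up for this sketch, and the sample lines are copied from the log above.

```python
import re

# Entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Subset of the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:42 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\services.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8310 bytes
"""


def parse_hjt(text):
    """Return (header, processes, entries, unparsed) for one pasted log."""
    header, processes, entries, unparsed = {}, [], {}, []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--":
            continue
        if line.startswith("End of file"):
            break
        entry = ENTRY_RE.match(line)
        head = HEADER_RE.match(line)
        if entry:
            state = "entries"
            entries.setdefault(entry.group(1), []).append(entry.group(2))
        elif line == "Running processes:":
            state = "processes"
        elif state == "header" and head:
            header[head.group(1)] = head.group(2)
        elif state == "processes" and PATH_RE.match(line):
            processes.append(line)
        elif state != "header":
            # Usually the tail of a line split by Notepad's Word Wrap.
            unparsed.append(line)
    return header, processes, entries, unparsed


def parse_service(entry):
    """Split an O23 body into service name, owner, path and missing flag."""
    body = entry[len("Service: "):] if entry.startswith("Service: ") else entry
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    # "Display Name (ServiceName)": prefer the short service name if present.
    short = re.match(r"^(.*) \(([^()]+)\)$", display)
    name = short.group(2) if short else display
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def review_services(entries):
    """Return [(name, path, [reasons])] for O23 entries to check by hand."""
    findings = []
    for entry in entries.get("O23", []):
        svc = parse_service(entry)
        if svc is None:
            findings.append((entry, "", ["unrecognised O23 format"]))
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("HijackThis reported no company for the file")
        if svc["missing"]:
            reasons.append("HijackThis reported the file as missing")
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    return findings


if __name__ == "__main__":
    header, processes, entries, unparsed = parse_hjt(SAMPLE_LOG)
    print(header.get("Platform"), "-", len(processes), "processes listed")
    for name, path, reasons in review_services(entries):
        print(f"REVIEW {name}: {path} ({'; '.join(reasons)})")
    for line in unparsed:
        print("UNPARSED (wrapped line?):", line)
```
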

ED_H

Trooper

Joined: Jul 22, 2006
Posts: 19
Location: USA

Posted: Tue Aug 07, 2007 7:46 pm    Post subject:

GMER Log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-07 10:33:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 872CAF30 ZwAllocateVirtualMemory
SSDT 1234bus.sys ZwClose
SSDT 873C0290 ZwCreateKey
SSDT 1234bus.sys ZwCreatePagingFile
SSDT 872CBF30 ZwCreateProcess
SSDT 872CBEB8 ZwCreateProcessEx
SSDT 872CBCD8 ZwCreateThread
SSDT 873C52D8 ZwDeleteKey
SSDT 872CBFA8 ZwDeleteValueKey
SSDT 1234bus.sys ZwEnumerateKey
SSDT 1234bus.sys ZwEnumerateValueKey
SSDT 1234bus.sys ZwOpenFile
SSDT 1234bus.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 1234bus.sys ZwQueryKey
SSDT 1234bus.sys ZwQueryValueKey
SSDT 872CAFA8 ZwQueueApcThread
SSDT 872CAE40 ZwReadVirtualMemory
SSDT 873DF6C8 ZwRenameKey
SSDT 872CBB70 ZwSetContextThread
SSDT 87292148 ZwSetInformationKey
SSDT 872CBDC8 ZwSetInformationProcess
SSDT 872CBBE8 ZwSetInformationThread
SSDT 1234bus.sys ZwSetSystemPowerState
SSDT 872ED4F0 ZwSetValueKey
SSDT 872CBD50 ZwSuspendProcess
SSDT 872CBAF8 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 872CBC60 ZwTerminateThread
SSDT 872CAEB8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? phooks.sys The system cannot find the file specified.
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6B8162C 5 Bytes JMP 870F61C8
? System32\Drivers\abap3n56.SYS The system cannot find the file specified.
? C:\WINDOWS\system32\51.tmp The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[504] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 03, FF, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1980] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ AB, FA, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0002FEDC C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2628] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0002FCB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2628] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 0002FE60 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[2628] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 0002FEA0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75EF29A] sptd.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 872CACD0
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 872CADC8

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
IAT C:\Program Files\Presorium\Frontgate MX\frntgate.exe[532] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00032A1C] C:\Program Files\Presorium\Frontgate MX\frntgate.exe

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8735A1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8735A1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7725E00] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7C37404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7C37404] avg7rsw.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8670EDE4
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86F3A2F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86F3A2F8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 86522098
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 8717D950
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 86F4FC90
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 86487078
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 86487FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 86C2C490
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 86C1D588
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 870A20C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 86C49E00
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 86044378
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 864ECAB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 870653E0
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 87188E90
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 86FA8CB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 8670EC20
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C1585A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 86C110C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 86F81100
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 86C120B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 86C44330
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 8711DC00
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 86D79450
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 8700B0B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 8713BE90
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 86D796E0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 86D791C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 86D88970
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 86D886E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_CREATE 870F4790
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_CLOSE 870F4790
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_DEVICE_CONTROL 870F4790
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_INTERNAL_DEVICE_CONTROL 870F4790
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_CLEANUP 870F4790
Device \Driver\NetBT \Device\NetBT_Tcpip_{74CE4960-8A40-4B8A-84F5-DAE995AD1755} IRP_MJ_PNP 870F4790
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 870F51E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 873D01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 873D01E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 870F51E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 870F51E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 870F31E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 870F31E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 86522098
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 8717D950
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 86F4FC90
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 86487078
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 86487FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 86C2C490
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 86C1D588
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 870A20C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 86C49E00
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 86044378
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 864ECAB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 870653E0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 87188E90
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 86FA8CB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 8670EC20
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C1585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 86C110C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 86F81100
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 86C120B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 86C44330
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 8711DC00
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 86D79450
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 8700B0B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 8713BE90
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 86D796E0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 86D791C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 86D88970
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 86D886E0
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_CREATE [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_CREATE_NAMED_PIPE [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_CLOSE [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_READ [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_WRITE [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_QUERY_INFORMATION [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SET_INFORMATION [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_QUERY_EA [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SET_EA [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_FLUSH_BUFFERS [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_QUERY_VOLUME_INFORMATION [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SET_VOLUME_INFORMATION [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_DIRECTORY_CONTROL [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_FILE_SYSTEM_CONTROL [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_DEVICE_CONTROL [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_INTERNAL_DEVICE_CONTROL [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SHUTDOWN [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_LOCK_CONTROL [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_CLEANUP [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_CREATE_MAILSLOT [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_QUERY_SECURITY [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SET_SECURITY [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_POWER [F75E8EA8] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SYSTEM_CONTROL [F760C2C8] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_DEVICE_CHANGE [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_QUERY_QUOTA [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_SET_QUOTA [F760FB0E] sptd.sys
Device \Driver\PCI_NTPNP3746 \Device\00000063 IRP_MJ_PNP [F760D238] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8735E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F731B880] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F731B880] timntr.sys

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8735E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8735E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F72FC380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL

ED_H


Posted: Tue Aug 07, 2007 7:47 pm

RKU Log:
>SSDT State
NtAllocateVirtualMemory
Actual Address 0x872CAF30
Hooked by: Unknown module filename

NtClose
Actual Address 0xF7558028
Hooked by: 1234bus.sys

NtCreateKey
Actual Address 0x873C0290
Hooked by: Unknown module filename

NtCreatePagingFile
Actual Address 0xF754BB00
Hooked by: 1234bus.sys

NtCreateProcess
Actual Address 0x872CBF30
Hooked by: Unknown module filename

NtCreateProcessEx
Actual Address 0x872CBEB8
Hooked by: Unknown module filename

NtCreateThread
Actual Address 0x872CBCD8
Hooked by: Unknown module filename

NtDeleteKey
Actual Address 0x873C52D8
Hooked by: Unknown module filename

NtDeleteValueKey
Actual Address 0x872CBFA8
Hooked by: Unknown module filename

NtEnumerateKey
Actual Address 0xF754C5DC
Hooked by: 1234bus.sys

NtEnumerateValueKey
Actual Address 0xF7558120
Hooked by: 1234bus.sys

NtOpenFile
Actual Address 0xF754BB40
Hooked by: 1234bus.sys

NtOpenKey
Actual Address 0xF7557FA4
Hooked by: 1234bus.sys

NtOpenProcess
Actual Address 0xF7D938AC
Hooked by: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

NtQueryKey
Actual Address 0xF754C5FC
Hooked by: 1234bus.sys

NtQueryValueKey
Actual Address 0xF7558076
Hooked by: 1234bus.sys

NtQueueApcThread
Actual Address 0x872CAFA8
Hooked by: Unknown module filename

NtReadVirtualMemory
Actual Address 0x872CAE40
Hooked by: Unknown module filename

NtRenameKey
Actual Address 0x873DF6C8
Hooked by: Unknown module filename

NtSetContextThread
Actual Address 0x872CBB70
Hooked by: Unknown module filename

NtSetInformationKey
Actual Address 0x87292148
Hooked by: Unknown module filename

NtSetInformationProcess
Actual Address 0x872CBDC8
Hooked by: Unknown module filename

NtSetInformationThread
Actual Address 0x872CBBE8
Hooked by: Unknown module filename

NtSetSystemPowerState
Actual Address 0xF7557550
Hooked by: 1234bus.sys

NtSetValueKey
Actual Address 0x872ED4F0
Hooked by: Unknown module filename

NtSuspendProcess
Actual Address 0x872CBD50
Hooked by: Unknown module filename

NtSuspendThread
Actual Address 0x872CBAF8
Hooked by: Unknown module filename

NtTerminateProcess
Actual Address 0xF7D93812
Hooked by: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

NtTerminateThread
Actual Address 0x872CBC60
Hooked by: Unknown module filename

NtWriteVirtualMemory
Actual Address 0x872CAEB8
Hooked by: Unknown module filename

>Shadow
NtUserAttachThreadInput
Actual Address 0x85929278
Hooked by: Unknown module filename

NtUserGetAsyncKeyState
Actual Address 0x859282E0
Hooked by: Unknown module filename

NtUserGetKeyboardState
Actual Address 0x8592DE10
Hooked by: Unknown module filename

NtUserGetKeyState
Actual Address 0x8592D2E0
Hooked by: Unknown module filename

NtUserMessageCall
Actual Address 0x86C1BF20
Hooked by: Unknown module filename

NtUserPostMessage
Actual Address 0x86F1B5F8
Hooked by: Unknown module filename

NtUserPostThreadMessage
Actual Address 0x86F1B160
Hooked by: Unknown module filename

NtUserSetWindowsHookEx
Actual Address 0x86DA9C68
Hooked by: Unknown module filename

NtUserSetWinEventHook
Actual Address 0x86C32020
Hooked by: Unknown module filename

>Processes
>Drivers