Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Programs Slow To Load, Hang, Or Don't Load At All


  • This topic is locked This topic is locked
31 replies to this topic

#1 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 31 August 2007 - 08:57 PM

Hey.

My computer has been operating excruciatingly slow over the past few months, and I have no idea why. I'm pretty new to computers, as far as, being able to fix them myself.

I run ESET-NOD32 as anti-virus; Zone Alarm as a firewall; and Prevx.

I also regularly scan with Ad-Aware SE, Spybot- S&D, AVG, and Spyware Blaster (which I don't think that I am using correctly).

I followed the steps that you have outlined in the "Preparation Guide For Use Before Posting" but was unable to get the on-line scanners to work (all 3). I was using IE at the time.

All my scans come up clean, but programs are loading too slow, or not at all.

Here's HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:34 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx2\PXAgent.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/downlo...om/default.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: BYEUU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Todd\LOCALS~1\Temp\BYEUU.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6612 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 01 September 2007 - 03:58 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum DocSatan :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java versions.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 01 September 2007 - 12:51 PM

Rich,

Thank you for your speedy response!

I removed 4 Java updates (Remove/Add Programs) and installed the latest Java update that you instructed.

When I tried to run ComboFix I got 1 window that said I wasn't an Admin and then Prevx blocked the program (SWREG.exe) as Malware.

I can turn off PrevX, but the ADMIN thing might be tricky. I am the sole user of my PC, which was built by a friend of mine who builds PCs. I've tried in the past to log into the Admin account when in Safe Mode (that's the only time that the Admin account presents itself), but have been unsuccessful. I normally log into the PC with my User Account.

Can you Help?

Here's my latest HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:13 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/downlo...om/default.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: BYEUU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Todd\LOCALS~1\Temp\BYEUU.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6425 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 01 September 2007 - 12:57 PM

Download this tool to your desktop:
http://download.bleepingcomputer.com/sUBs/...bug-Restore.exe
Doubleclick SeDebug-Restore.exe and let it run.
Restart your pc,this is very important.

Then try Combofix again.
Posted Image
Posted Image

#5 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 01 September 2007 - 01:43 PM

Rich,

I ran the SeDebug program without incident.

When I tried to run ComboFix I got the same Admin window, as well as the Prevx Block.

I disabled PrevX and ran ComboFix again, without issue. (Wonder if the Admin message was due to the PrevX Block?)

On ComboFix re-boot, PrevX blocked it again. I disabled PrevX and ComboFix seemed to continue and complete its process.

Here's the ComboFix log:

ComboFix 07-08-30.3 - "Todd" 2007-09-01 14:28:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\sfsync03.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC03
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))


2007-09-01 14:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 12:36 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-09-01 12:33 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-08-31 21:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-31 20:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-31 16:41 <DIR> d-------- C:\Program Files\YourWare Solutions
2007-08-30 20:57 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-30 20:48 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-30 20:48 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-29 11:39 <DIR> d-------- C:\KAV
2007-08-23 14:44 <DIR> d-------- C:\DOCUME~1\Todd\APPLIC~1\Move Networks
2007-08-21 10:42 <DIR> d-------- C:\Program Files\Prevx2
2007-08-21 10:42 <DIR> d-------- C:\DOCUME~1\Todd\APPLIC~1\Prevx
2007-08-21 10:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-08-19 12:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 12:57 --------- d-------- C:\Program Files\Yahoo!
2007-09-01 12:54 --------- d-------- C:\Program Files\iPod
2007-09-01 12:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-01 12:51 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 14:15 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-31 02:15 --------- d-------- C:\Program Files\Ubisoft
2007-08-30 21:03 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\OpenOffice.org2
2007-08-30 19:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-30 18:11 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-21 10:41 77312 --a------ C:\WINDOWS\ua2.dll
2007-08-20 20:28 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\Hamachi
2007-08-13 03:55 --------- d---s---- C:\Program Files\Xfire
2007-08-12 18:03 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\Xfire
2007-08-01 05:59 2776 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-01 05:59 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\Corel
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 09:30 --------- d-------- C:\Program Files\vso
2007-07-26 17:17 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\U3
2007-07-26 12:46 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-25 22:36 --------- d-------- C:\Program Files\QuickTime
2007-07-25 22:34 --------- d-------- C:\Program Files\Apple Software Update
2007-07-25 22:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 10:52 --------- d-------- C:\Program Files\Xvid
2007-07-04 19:36 --------- d-------- C:\Program Files\Hamachi
2007-07-03 16:58 --------- d-------- C:\Program Files\Creative
2007-07-03 16:56 --------- d-------- C:\DOCUME~1\Todd\APPLIC~1\Creative
2007-07-03 16:41 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-03 14:42 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-10 20:36 88 -r-hs---- C:\WINDOWS\system32\55660DEB0C.sys
2007-06-10 20:32 476752 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\pswi_preloaded.exe
2006-08-19 21:21:39 5 --sha-w C:\WINDOWS\system32\ccbfe1_s.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2005-12-20 14:34]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-01-18 19:21]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-01-18 19:21]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 C:\WINDOWS\system32\CtHelper.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-30 20:57]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-08-29 11:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]

C:\DOCUME~1\Todd\STARTM~1\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-05 15:08:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Todd^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
C:\Program Files\Prevx1\PXConsole.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"nwiz"=nwiz.exe /install
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe"

R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINDOWS\system32\DRIVERS\pxfsf.sys
R1 PREVXTdi;PREVX TDI filter;C:\WINDOWS\system32\DRIVERS\pxtdi.sys
R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINDOWS\system32\DRIVERS\pxrd.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R3 Alpham;Ideazon Merc Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 BYEUU;BYEUU;C:\DOCUME~1\Todd\LOCALS~1\Temp\BYEUU.exe
S3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
S3 PREVXEmulator;PREVX Emulator driver;C:\WINDOWS\system32\DRIVERS\PxEmu.sys
S3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\CTRun\Start.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fb0ab5b-035c-11db-94e4-806d6172696f}]
AutoRun\command- D:\ASUSACPI.exe


Contents of the 'Scheduled Tasks' folder
2007-08-31 20:17:43 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-31 20:17:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 14:33:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 14:36:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 14:36

--- E O F ---

Here's another HJT log (wasn't sure if you wanted one):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:51 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/downlo...om/default.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: BYEUU - Unknown owner - C:\DOCUME~1\Todd\LOCALS~1\Temp\BYEUU.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6156 bytes

Thanks again for being sooo quick with your responses!!

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 01 September 2007 - 01:58 PM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktopPosted Image
You'll see a black screen flash,thats normal.

@echo off
sc stop BYEUU
sc delete BYEUU

Restart your pc.

Go here:http://virusscan.jotti.org/
Using the 'Browse' button,browse to:
C:\WINDOWS\system32\55660DEB0C.sys
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy,try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button,browse to:
C:\WINDOWS\system32\55660DEB0C.sys
Then click on 'Send File'.
Post the results into your next reply.

Then do exactly the same with the following if present:
C:\WINDOWS\system32\ccbfe1_s.dll
Post bot sets of results into your next reply please.

Also post a new Hijackthis log.
Posted Image
Posted Image

#7 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 01 September 2007 - 04:18 PM

Ran the fix.bat
- command prompt window opened
- no black flash
- command window disappeared
- Not sure if it did what it was supposed to do
- Restarted PC

Here are the results from jotti (i cut and pasted):

File: 55660DEB0C.sys
Status: OK
MD5: 5022984a24d4b4a88641d06c95abd042
Packers detected: -
Bit9 reports: File not found

Scan taken on 01 Sep 2007 21:04:19 (GMT)

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


File: ccbfe1_s.dll
Status: OK
MD5: e1b10d917ca35f0bccab57485d7914a7
Packers detected: -
Bit9 reports: File not found

Scan taken on 01 Sep 2007 21:12:35 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



New HJT Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:20 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/downlo...om/default.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6060 bytes


We sure are doing a lot of stuff!! :-)

Thanks for your help!

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 02 September 2007 - 04:54 AM

Disable Prevx1 or it may interfere:

1. Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose Show Management Console..
2. On the Management Console click the Protection Level drop-down menu. You will see three levels:

Maximum
Off
User Defined


3. To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
4. Click the X on the upper right hand corner to exit the Management console.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#9 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 02 September 2007 - 12:54 PM

Nothing found! :thumbsup:

My friend who built my PC thought that I might have something called a "root-kit," or something to do with having my resources tapped by an outside source.

A lot of Programs still loading slow. I loaded various programs (clicked on them) to see how things were going, anywhere from Right Away to Not At All. Some programs had to be clicked twice. I have a list of the programs that I tried, if you want it, only 9 of them.

I tried loading programs from ObjectDock, Pinned to Start Menu, Start Menu -> All Programs, as well as through individual folders. Doesn't appear to me to be a common denominator.

I will say that some programs are loading up faster, though. And my Internet browsing seems to be faster too. (Probably suffering from the "Watched Pot" syndrome).

Here are the latest logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2007 at 08:38 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 00:19:16

Memory items scanned : 433
Memory threats detected : 0
Registry items scanned : 5053
Registry threats detected : 0
File items scanned : 25468
File threats detected : 0


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:55 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/downlo...om/default.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5917 bytes

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 02 September 2007 - 01:39 PM

Download GMER:
http://www.gmer.net/gmer.zip
Unzip it to the desktop and start GMER.exe
Click the "Rootkit" tab.
Make sure the "Show all" checkbox is unchecked and leave it that way.
Click the "Scan" button.
Once done, click the "Copy" button.
This will copy the results to your clipboard.
Paste the results into your next reply.
If you're having problems running GMER,try it in safe mode.
Posted Image
Posted Image

#11 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 02 September 2007 - 09:18 PM

Hey Richie,

Here's the result of the last scan. Had no problem running it in regular mode.

I tried to post the whole report, but the server said it was too long. I'm gonna try to post it in halves.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-02 22:11:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT pxfsf.sys ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory

INT 0x20 srescan.sys BA49C9E0

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C14 805039C8 18 Bytes [ 79, A8, 57, BA, 83, A8, 57, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C27 805039DB 5 Bytes [ BA, AB, A8, 57, BA ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C30 805039E4 6 Bytes [ 90, 06, BE, A8, BF, A8 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C37 805039EB 7 Bytes [ BA, C9, A8, 57, BA, D3, A8 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ F0, 91, BD, A8, 80, F4, BD, ... ]
.text ...
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload BA09E62C 5 Bytes JMP 8A4211C8
? System32\Drivers\aqgi4zt9.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1436] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ]

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6C0AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6C0C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6C0B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6C1748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6C161E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A8BDD950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A8BDDAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A8BDDFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A8BDDE70] \SystemRoot\System32\vsdatant.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01B67376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[984] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B673CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [630239E0] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [63052266] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6302397E] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [63052217] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [6304E3BE] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [63019D4D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [6301992D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [63052266] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6302397E] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [630239E0] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63052217] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [63023A6C] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [63023A94] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [610014A0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [63019B38] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [63019D4D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [6304E3BE] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [6304D6E3] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [63052266] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6302397E] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [63023A94] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61001850] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [63019B38] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowRect] [63019D4D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63052217] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61001890] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [63052299] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [6302377B] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [6301A2C1] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowPlacement] [6301971A] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MoveWindow] [6301992D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [63023A6C] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [6304E3BE] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [61001750] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\PSAPI.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\PSAPI.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6302397E] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ExitThread] [630239E0] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [63019B38] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowLongW] [610015E0] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetWindowRect] [63019D4D] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [61001570] C:\WINDOWS\system32\wbhelp2.dll
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ExitThread] [630239E0] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [63023A21] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63023900] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63023954] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63023AB9] C:\PROGRA~1\Ideazon\ZEngine\wbocx.ocx

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A6591E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A6591E8

(cont'd)

#12 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 02 September 2007 - 09:20 PM

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA585F40] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A7805FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A7805BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A78063D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A780667A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A780667A] amon.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [A8BEA8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AB073220] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [AB072DD6] pxtdi.sys

Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8A4A21E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A65B1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A65B1E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8A4181E8
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_CREATE [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_CREATE_NAMED_PIPE [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_CLOSE [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_READ [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_WRITE [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_QUERY_INFORMATION [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SET_INFORMATION [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_QUERY_EA [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SET_EA [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_FLUSH_BUFFERS [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_QUERY_VOLUME_INFORMATION [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SET_VOLUME_INFORMATION [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_DIRECTORY_CONTROL [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_FILE_SYSTEM_CONTROL [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_DEVICE_CONTROL [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SHUTDOWN [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_LOCK_CONTROL [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_CLEANUP [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_CREATE_MAILSLOT [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_QUERY_SECURITY [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SET_SECURITY [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_POWER [BA6CF712] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SYSTEM_CONTROL [BA6F22C8] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_DEVICE_CHANGE [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_QUERY_QUOTA [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_SET_QUOTA [BA6F5AD2] sptd.sys
Device \Driver\PCI_NTPNP6270 \Device\00000060 IRP_MJ_PNP [BA6F3238] sptd.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [A8BEA8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AB073220] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [AB072DD6] pxtdi.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A6CD1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8A40F7A0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8A40F7A0
Device \Driver\nvata \Device\00000083 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000083 IRP_MJ_PNP 8A65A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 893C01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 893C01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 893C01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 893C01E8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000084 IRP_MJ_PNP 8A65A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 893C01E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 893C01E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 893C01E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 893C01E8
Device \Driver\nvata \Device\00000086 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\00000086 IRP_MJ_PNP 8A65A1E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [A8BEA8A0] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AB073220] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [AB072DD6] pxtdi.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_CREATE 893C01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_CLOSE 893C01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_INTERNAL_DEVICE_CONTROL 893C01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_CLEANUP 893C01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99F58CC0-43E8-4F3C-B8D1-61CAB500ACF2} IRP_MJ_PNP 893C01E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [A8BEA8A0] vsdatant.sys

(gonna be more than 2 posts.)

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AB073220] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AB0733A8] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [AB072DD6] pxtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [AB072DD6] pxtdi.sys

Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A4A21E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8A4A21E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8A4181E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 8A4181E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 8A65A1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 892571E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [A8BEA8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [A8BEA8A0] vsdatant.sys
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 8A65A1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 892571E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 892571E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 8A65A1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 8A65A1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A6CD1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A6CD1E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_CREATE 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_CLOSE 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_DEVICE_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_POWER 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_SYSTEM_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91 IRP_MJ_PNP 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_CREATE 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_CLOSE 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_POWER 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A3F21E8
Device \Driver\aqgi4zt9 \Device\Scsi\aqgi4zt91Port3Path0Target0Lun0 IRP_MJ_PNP 8A3F21E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8A0F17A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8A0F17A0

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-507921405-602162358-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x88 0x02 0xB1 0xB4 ...
Reg \Registry\USER\S-1-5-21-507921405-602162358-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xA5 0x3B 0xA8 0xC5 ...

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\01\20-{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}-v1-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\18\18-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v18-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\19\19-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v19-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\20\20-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v20-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\21\21-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v21-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\21\21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\21\21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\21\21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\22\22-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v22-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\22\22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\22\22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\22\22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\23\23-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v23-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\23\23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\23\23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\23\23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\24\24-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v24-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\24\24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\24\24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\24\24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\25\25-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v25-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\25\25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\25\25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\25\25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\26\26-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v26-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\26\26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\26\26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\26\26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\27\27-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v27-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\27\27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\27\27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\27\27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\28\28-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v28-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\28\28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\28\28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\28\28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\29\29-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v29-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\29\29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\29\29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\29\29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\30\30-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v30-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\30\30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\30\30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\30\30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\31\31-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v31-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\31\31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\31\31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\31\31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\32\32-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v32-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\32\32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\32\32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\32\32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\33\33-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v33-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\33\33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\33\33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\33\33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\34\34-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v34-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\34\34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\34\34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\34\34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\35\35-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v35-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\35\35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\35\35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\35\35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\36\36-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v36-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\36\36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\36\36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\36\36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\37\37-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v37-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\37\37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\37\37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\37\37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\38\38-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v38-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\38\38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\38\38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\38\38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\39\39-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v39-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\39\39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\39\39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\39\39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\40\40-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v40-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\40\40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\40\40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\40\40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\41\41-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v41-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\41\41-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v41-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\41\41-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v41-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\42\42-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v42-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\42\42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\42\42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\42\42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\43\43-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v43-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\43\43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\43\43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\43\43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\44\44-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v44-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\44\44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\44\44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\44\44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\45\45-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v45-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\45\45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\45\45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\45\45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\46\46-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v46-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\46\46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\46\46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\46\46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\47\47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\47\47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\47\47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\48\48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\48\48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\48\48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\49\49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\49\49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\49\49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\50\50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\50\50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\50\50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\81\81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\81\81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\81\81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v81-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\82\82-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v82-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\82\82-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v82-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\83\83-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v83-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\83\83-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v83-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\84\84-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v84-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\84\84-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v84-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\85\85-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v85-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\85\85-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v85-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\91\191-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v191-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v191-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\92\192-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v192-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v192-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\madcow_963@hotmail.com\DFSR\Staging\CS{6A51DE7A-3ECD-80DB-B240-9BDEF59C8DF8}\95\190-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v95-{485B3458-8AFF-46EF-9AE3-CB82F16782AD}-v190-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\01\10-{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}-v1-{57F05D93-1EA5-4445-90F2-A5BF5EA564B0}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\44\44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\44\44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\44\44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\44\44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.4
ADS C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Messenger\DocSatan717@hotmail.com\SharingMetadata\markjames264@hotmail.com\DFSR\Staging\CS{A7D9C7D8-5E58-D516-3365-7513E62D2DFD}\44\44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-{674AE0E0-E615-4EA6-844E-D16CC4E1C80F}-v44-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.13 ----

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 03 September 2007 - 02:46 AM

Nothing there to be concerned about.

Try the following.
Disconnect from the internet.
Click on Start>Run,type msconfig then press Enter.
Under the 'Startup' tab uncheck EVERYTHING,then reboot.
If your programs opening seem to be back up to speed,start adding items/entries back by rechecking the boxes one at a time.
Reboot in between each one.
Using trial and error,keep doing that until you find the problem program/process.
*Note*
Don't forget to make sure your antivirus and firewall are running before you reconnect to the internet.
Posted Image
Posted Image

#14 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 03 September 2007 - 08:52 AM

OK Richie, I'll do that. Thanks again for all of your help.

You're the greatest!! :thumbsup:

#15 DocSatan

DocSatan

    Bleepin' Wanna-Be

  • Topic Starter

  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:13 PM

Posted 03 September 2007 - 09:33 AM

When I went in to my Network Connection, I noticed that I have 5 connection Icons, with 3 of them connected.

1394 Connection
Connected
1394 Net Adapter #2

1394 Connection 2
Connected
1394 Net Adapter

Local Area Connection 2
Disabled
Marvell Yukon 88E800/8003/80 10 PCI
Gigabit Ethernet Controller

Hamachi
Disabled
Hamachi Network Interface

Local Area Connection 3
Connected
NVIDIA nForce Networking Controller

I used to have a Wireless Router, but removed the router when I suspected someone had hacked it.

Is this normal?
Can I permanently disable any of the ones "connected?"

Haven't tried you last post-suggestion yet.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users