Generic Host Process for Win32 Services has encountered a problem and needs to close.

disto · 10-03-2007, 06:35 AM

After the message is shown, my pc will be disconnected from the internet and i need to restart to connect again,

thanks everyone!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:11 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\EPSETUP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3975 bytes

Ried · 10-03-2007, 07:39 AM

Hello disto,

I'd like to see a more comprehensive set of logs. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log:

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

disto · 10-04-2007, 08:49 AM

Thanks for the reminder.

Sorry if i haven't posted it like this earlier, I saw post like the one above and assumed that it's ok. Sorry again.

Anyway, here is main.txt:

Deckard's System Scanner v20070905.67
Run by Bodie on 2007-10-04 23:38:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
16: 2007-10-04 15:39:02 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2007-10-03 14:03:22 UTC - RP15 - Installed Java(TM) 6 Update 3
14: 2007-10-02 09:41:28 UTC - RP14 - System Checkpoint
13: 2007-10-01 08:07:35 UTC - RP13 - System Checkpoint
12: 2007-09-30 06:57:27 UTC - RP12 - System Checkpoint

-- First Restore Point --
1: 2007-09-23 15:31:59 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as Bodie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:51 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Bodie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bodie.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4471 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_20D514F1&REV_01\3&267A616A&0&48
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_20D514F1&REV_01\3&267A616A&0&48
Service:

-- Files created between 2007-09-04 and 2007-10-04 -----------------------------

2007-10-03 22:09:54 0 d-------- C:\Documents and Settings\Bodie\.housecall6.6
2007-10-03 22:09:15 0 d-------- C:\WINDOWS\Sun
2007-10-03 22:09:15 0 d-------- C:\Documents and Settings\Bodie\Application Data\Sun
2007-10-03 22:07:43 0 d-------- C:\Program Files\Java
2007-10-03 22:03:28 0 d-------- C:\Program Files\Common Files\Java
2007-10-03 22:00:49 659 --a------ C:\WINDOWS\mozver.dat
2007-10-03 21:33:05 0 d-------- C:\Program Files\Trend Micro
2007-10-02 23:34:49 0 d-------- C:\Program Files\EPSON
2007-10-02 23:03:14 183 --a------ C:\Documents and Settings\Bodie\Desktop(4)
2007-09-26 22:10:51 72 --a------ C:\Documents and Settings\Bodie\Desktop(3)
2007-09-26 22:10:45 72 --a------ C:\Documents and Settings\Bodie\Desktop(2)
2007-09-26 22:09:47 0 d-------- C:\Documents and Settings\Bodie\Application Data\WinRAR
2007-09-26 21:22:40 0 d-------- C:\Program Files\eMule
2007-09-25 22:45:17 0 d-------- C:\Program Files\ReflexiveArcade
2007-09-25 12:31:29 0 d-------- C:\Documents and Settings\Bodie\Application Data\Adobe
2007-09-24 23:39:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-24 23:38:28 0 d-------- C:\Program Files\Yahoo!
2007-09-24 23:16:28 0 d-------- C:\Program Files\MegauploadToolbar
2007-09-24 23:16:28 0 d-------- C:\Documents and Settings\Bodie\Application Data\MegauploadToolbar
2007-09-24 23:15:57 0 d-------- C:\Documents and Settings\Bodie\Application Data\Media Player Classic
2007-09-24 22:42:26 0 d-------- C:\Documents and Settings\Bodie\Application Data\Macromedia
2007-09-24 22:34:08 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-24 22:34:06 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-09-24 22:34:06 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-09-24 22:34:05 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-09-24 22:34:05 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-09-24 22:34:05 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-09-24 22:34:05 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-09-24 22:34:04 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-24 22:34:04 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-24 22:34:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-24 22:34:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-24 22:34:03 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-24 22:34:02 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-24 22:33:59 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-24 22:33:59 0 d-------- C:\Documents and Settings\Bodie\Application Data\Real
2007-09-24 22:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-09-24 22:28:49 0 d-------- C:\Program Files\Webteh
2007-09-24 22:18:50 0 d-------- C:\Documents and Settings\Bodie\Application Data\Talkback
2007-09-24 22:18:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-24 22:18:39 0 d-------- C:\Documents and Settings\Bodie\Application Data\Mozilla
2007-09-24 22:16:51 0 d-------- C:\Program Files\uTorrent
2007-09-24 22:16:46 0 d-------- C:\Documents and Settings\Bodie\Application Data\uTorrent
2007-09-24 22:16:38 0 d-------- C:\Program Files\CCleaner
2007-09-24 22:08:19 0 d---s---- C:\Documents and Settings\Bodie\UserData
2007-09-24 22:03:28 0 d-------- C:\Program Files\Alwil Software
2007-09-24 22:01:30 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-09-24 22:01:30 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-09-24 22:01:30 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-09-24 22:01:30 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-09-24 22:01:30 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-09-24 22:01:30 0 d-------- C:\Program Files\Common Files\Ahead
2007-09-24 22:01:26 0 d-------- C:\Program Files\Ahead
2007-09-24 21:58:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-24 21:58:19 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-24 21:57:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-24 21:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-24 21:23:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-24 21:23:36 0 d-------- C:\WINDOWS\SHELLNEW
2007-09-24 21:22:25 0 dr-h----- C:\MSOCache
2007-09-24 21:21:32 0 d-------- C:\Program Files\DAEMON Tools
2007-09-24 21:07:44 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-24 21:00:04 0 d-------- C:\Program Files\AMD
2007-09-24 20:58:20 0 d-------- C:\Program Files\VIA
2007-09-24 20:48:02 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2007-09-24 20:48:02 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2007-09-24 20:48:02 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-09-24 20:48:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 20:48:02 0 d-------- C:\Program Files\C-Media 3D Audio
2007-09-24 20:47:44 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-24 20:46:37 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-09-24 20:46:14 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-09-24 20:46:05 0 d-------- C:\Documents and Settings\Bodie\WINDOWS
2007-09-24 20:45:52 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-24 06:59:13 0 d--hs---- C:\WINDOWS\Installer
2007-09-24 06:59:12 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-24 06:59:09 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-24 06:59:08 0 dr------- C:\Program Files
2007-09-24 06:59:08 0 d-------- C:\Program Files\Common Files
2007-09-24 06:58:36 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-09-24 06:58:36 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-09-24 06:58:36 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-09-24 06:58:36 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-09-24 06:58:36 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-09-24 06:58:36 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-09-24 06:58:36 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-09-24 06:58:36 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-09-24 06:58:36 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-09-24 06:58:36 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-09-24 06:58:36 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-09-24 06:58:36 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-09-24 06:58:36 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-09-24 06:58:36 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-09-24 06:58:36 0 dr------- C:\Documents and Settings\All Users\Documents
2007-09-24 06:58:36 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-09-24 06:58:20 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-09-24 06:58:20 0 d-------- C:\WINDOWS\system32\CatRoot
2007-09-24 06:58:14 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-09-24 06:58:14 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-09-24 06:58:14 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-09-24 06:58:14 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-09-24 06:57:47 0 d-------- C:\Documents and Settings
2007-09-24 06:53:34 0 d--hs---- C:\System Volume Information
2007-09-24 06:52:16 0 d-------- C:\WINDOWS
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\WinSxS
2007-09-24 06:52:16 0 dr------- C:\WINDOWS\Web
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\twain_32
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\wins
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\wbem
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\usmt
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\spool
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\ShellExt
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\Setup
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\ras
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\oobe
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\npp
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\mui
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\inetsrv
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\IME
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\icsxml
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\ias
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\export
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\drivers
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-09-24 06:52:16 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\dhcp
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\config
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\3076
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\2052
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1054
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1042
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1041
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1037
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1033
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1031
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1028
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system32\1025
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\system
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\security
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Resources
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\repair
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Provisioning
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\PeerNet
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\pchealth
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\mui
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\msapps
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\msagent
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Media
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\java
2007-09-24 06:52:16 0 d--h----- C:\WINDOWS\inf
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\ime
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Help
2007-09-24 06:52:16 0 dr--s---- C:\WINDOWS\Fonts
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\ehome
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Driver Cache
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Debug
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Cursors
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Connection Wizard
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\Config
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\AppPatch
2007-09-24 06:52:16 0 d-------- C:\WINDOWS\addins
2007-09-23 23:31:44 0 d-------- C:\Documents and Settings\Bodie\Application Data\Identities
2007-09-23 23:31:34 0 d--h----- C:\Documents and Settings\Bodie\Templates
2007-09-23 23:31:34 0 dr------- C:\Documents and Settings\Bodie\Start Menu
2007-09-23 23:31:34 0 dr-h----- C:\Documents and Settings\Bodie\SendTo
2007-09-23 23:31:34 0 dr-h----- C:\Documents and Settings\Bodie\Recent
2007-09-23 23:31:34 0 d--h----- C:\Documents and Settings\Bodie\PrintHood
2007-09-23 23:31:34 2097152 --ah----- C:\Documents and Settings\Bodie\NTUSER.DAT
2007-09-23 23:31:34 0 d--h----- C:\Documents and Settings\Bodie\NetHood
2007-09-23 23:31:34 0 dr------- C:\Documents and Settings\Bodie\My Documents
2007-09-23 23:31:34 0 d--h----- C:\Documents and Settings\Bodie\Local Settings
2007-09-23 23:31:34 0 dr------- C:\Documents and Settings\Bodie\Favorites
2007-09-23 23:31:34 0 d-------- C:\Documents and Settings\Bodie\Desktop
2007-09-23 23:31:34 0 d---s---- C:\Documents and Settings\Bodie\Cookies
2007-09-23 23:31:34 0 dr-h----- C:\Documents and Settings\Bodie\Application Data
2007-09-23 23:30:18 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-09-23 23:30:17 0 d-------- C:\WINDOWS\Prefetch
2007-09-23 23:30:16 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-09-23 23:30:15 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-09-23 23:30:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-09-23 23:30:15 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-09-23 23:30:15 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-09-23 23:30:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-09-23 23:27:43 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-09-23 23:27:43 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-09-23 23:27:43 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-09-23 23:27:43 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-09-23 23:27:42 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-09-23 23:23:55 0 d-------- C:\WINDOWS\system32\xircom
2007-09-23 23:23:54 0 d-------- C:\Program Files\microsoft frontpage
2007-09-23 23:23:39 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-09-23 23:23:31 0 -rahs---- C:\MSDOS.SYS
2007-09-23 23:23:31 0 -rahs---- C:\IO.SYS
2007-09-23 23:23:31 0 --a------ C:\CONFIG.SYS
2007-09-23 23:23:31 0 --a------ C:\AUTOEXEC.BAT
2007-09-23 23:22:19 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-23 23:22:06 0 dr------- C:\WINDOWS\Offline Web Pages
2007-09-23 23:22:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-09-23 23:21:52 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-23 23:21:27 0 d-------- C:\WINDOWS\system32\DirectX
2007-09-23 23:20:43 0 d---s---- C:\WINDOWS\Tasks
2007-09-23 23:20:42 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-23 23:20:37 0 d-------- C:\WINDOWS\srchasst
2007-09-23 23:20:36 0 d-------- C:\WINDOWS\system32\Macromed
2007-09-23 23:20:27 0 d-------- C:\Program Files\Movie Maker
2007-09-23 23:20:15 0 d-------- C:\WINDOWS\system32\Restore
2007-09-23 23:19:29 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-09-23 23:19:12 0 d-------- C:\WINDOWS\Registration
2007-09-23 23:19:05 0 d-------- C:\Program Files\Online Services
2007-09-23 23:18:56 0 d-------- C:\Program Files\Messenger
2007-09-23 23:18:51 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-23 23:18:00 0 d-------- C:\Program Files\Windows NT
2007-09-23 23:17:56 0 d-------- C:\WINDOWS\system32\MsDtc
2007-09-23 23:17:54 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2007-09-24 06:58:36 62 --ahs---- C:\Documents and Settings\Bodie\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [06/20/2005 06:53 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [10/12/2004 06:00 AM C:\WINDOWS\system32\VTTrayp.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [01/14/2004 02:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 06:29 AM]

C:\Documents and Settings\Bodie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

-- End of Deckard's System Scanner: finished at 2007-10-04 23:41:38 ------------

Ried · 10-04-2007, 07:33 PM

Thank you, disto.

Download & run this > http://72.52.136.82/sectools/sUBs/FDSV_netapi32.dll.exe

Please post the log that's produced.

disto · 10-05-2007, 08:15 AM

Thanks again! Here is Log.txt:

0x00000000 Microsoft Windows Publisher C:\WINDOWS\system32\netapi32.dll

0x00000000 Microsoft Windows Publisher C:\WINDOWS\system32\dllcache\netapi32.dll

Ried · 10-05-2007, 09:37 AM

Please download SREng.

**You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.

------------------------------------------------------------------------

Also, let's see if a rootkit scan reveals anything. Download it from here or here.

Extract the contents of the zipped file to desktop.
Disconnect from internet and close all running programs.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
Then click the Scan button & wait for it to finish.

Once done click the Save button & save the log to your desktop. Post it in your next reply

disto · 10-05-2007, 08:07 PM

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-06 10:57:41
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F711F62C 5 Bytes JMP 841881C8
? System32\Drivers\anugnykj.SYS The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73CEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73CEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73CEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73CF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73CF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73E3ACA] sptd.sys

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8436C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8436C1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ED0B1F76] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ED0B0812] aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ED0B0812] aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F77862C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F77868E6] aswTdi.SYS

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 841871E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8436E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8436E1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 841871E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 8410E1E8

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F77862C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F77868E6] aswTdi.SYS

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 843DC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 841891E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 843DB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 843DB1E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 841891E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 841891E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 840E11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 840E11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 840E11E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_CREATE 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_CLOSE 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_INTERNAL_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_CLEANUP 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5413097B-85D1-4ECE-B0C2-340BBC0279F8} IRP_MJ_PNP 840E11E8
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_CREATE [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_CREATE_NAMED_PIPE [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_CLOSE [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_READ [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_WRITE [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_QUERY_INFORMATION [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SET_INFORMATION [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_QUERY_EA [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SET_EA [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_FLUSH_BUFFERS [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_QUERY_VOLUME_INFORMATION [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SET_VOLUME_INFORMATION [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_DIRECTORY_CONTROL [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_FILE_SYSTEM_CONTROL [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_DEVICE_CONTROL [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_INTERNAL_DEVICE_CONTROL [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SHUTDOWN [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_LOCK_CONTROL [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_CLEANUP [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_CREATE_MAILSLOT [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_QUERY_SECURITY [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SET_SECURITY [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_POWER [F73DD712] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SYSTEM_CONTROL [F74002C8] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_DEVICE_CHANGE [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_QUERY_QUOTA [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_SET_QUOTA [F7403AD2] sptd.sys
Device \Driver\PCI_NTPNP3612 \Device\0000003f IRP_MJ_PNP [F7401238] sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 840E11E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 840E11E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 840E11E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 840E11E8

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F77862C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F77862C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F77868E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F77868E6] aswTdi.SYS

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 841871E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 840EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 841871E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_CREATE 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_CLOSE 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_INTERNAL_DEVICE_CONTROL 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_CLEANUP 840E11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B} IRP_MJ_PNP 840E11E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 840EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 840EB1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 841871E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 841871E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 8410E1E8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 8410E1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 843DC1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 843DC1E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_CREATE 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_CLOSE 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_DEVICE_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_INTERNAL_DEVICE_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_POWER 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_SYSTEM_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1 IRP_MJ_PNP 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_CREATE 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_CLOSE 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_POWER 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 840B91E8
Device \Driver\anugnykj \Device\Scsi\anugnykj1Port3Path0Target0Lun0 IRP_MJ_PNP 840B91E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_CREATE 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_CLOSE 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_DEVICE_CONTROL 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_POWER 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_SYSTEM_CONTROL 8436D1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 IRP_MJ_PNP 8436D1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 840167A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 840167A0

---- EOF - GMER 1.0.13 ----

Ried · 10-05-2007, 09:27 PM

I'd really like to see the SREngLOG.log. Please refer to my previous instructions and post that here.

disto · 10-06-2007, 02:29 AM

I'm so sorry I forgot to attach it.

Attached is SREngLOG.txt

Thank you!

Ried · 10-06-2007, 06:45 AM

Thanks.

I'm not seeing anything in any of these reports. Let's begin with the basics--do you have all Critical Windows Updates installed?

Click the green Windows Start button, then right click 'My Computer'

Click Properties> Automatic Updates tab
Choose 'Turn off Automatic Updates'
Reboot your computer
Go back to Start menu >All Programs
Select 'Windows Update' to manually update Windows. (Please ensure you are connected to the internet)

Any improvement?

disto · 10-07-2007, 07:00 AM

it still shows the same error

Ried · 10-07-2007, 07:27 AM

Do you have your Windows Firewall turned on?

Or, install a third party Firewall

Here are 2 very good free Firewalls, select one:

Do not install more than one firewall program as they will conflict with each other.

disto · 10-07-2007, 09:54 AM

My Windows Firewall is turened on

Ried · 10-07-2007, 07:09 PM

Let's try invoking Windows File Protection.

Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy.

Please let me know if you were prompted for the disc, and if so, is there any improvement.

disto · 10-08-2007, 01:25 AM

I was prompted to insert the disk but the same error message appears.

Ried · 10-08-2007, 06:36 AM

My apologies, but I need to ask--did you insert the Windows Install disc?

If so, we'll do one more check before I send you off to the folks in the Windows XP section.

Hopefully you can stay connected long enough to complete this online scan:

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

disto · 10-09-2007, 06:09 AM

i think it got worse when i ran sfc because i get disconnected within 2 minutes unlike before, 22mins.

i dont it can complete the online scan.

thanks for the continuous help! :D

disto · 10-09-2007, 08:23 AM

Yey! Finished online scan. Internet connection lasted for about an hour or so before it displayed the error message/

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 09, 2007 11:14:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 9/10/2007
Kaspersky Anti-Virus database records: 429869
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 34782
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:44:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\cert8.db Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\history.dat Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\key3.db Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\parent.lock Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Bodie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\176F2B24d01 Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Temp\Perflib_Perfdata_f48.dat Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Temp\~DF1A3D.tmp Object is locked skipped
C:\Documents and Settings\Bodie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bodie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bodie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\acer.err Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Bodie.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Bodie.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Bodie.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{77160C6E-BFF5-4692-B07D-10D6761AB316}\RP16\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib10 Object is locked skipped
C:\WINDOWS\Temp\ib8 Object is locked skipped
C:\WINDOWS\Temp\ib9 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat Object is locked skipped

Scan process completed.

Ried · 10-09-2007, 08:55 AM

Clean as a whistle.

There are 2 updates in particular that address this issue. I know you've updated Windows, but please double check that you've obtained these 2:

KB894391

KB921883

disto · 10-12-2007, 09:49 AM

Yey! It's ok now.
Thanks for your help!

You're great!

10-03-2007, 06:35 AM	#1 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Generic Host Process for Win32 Services has encountered a problem and needs to close. After the message is shown, my pc will be disconnected from the internet and i need to restart to connect again, thanks everyone! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:33:11 PM, on 10/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE F:\EPSETUP.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7 O17 - HKLM\System\CS1\Services\Tcpip\..\{2A4F4156-C3C7-4635-B13E-FFB359AD8D5B}: NameServer = 58.69.254.4 58.69.254.7 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- End of file - 3975 bytes

10-03-2007, 07:39 AM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Hello disto, I'd like to see a more comprehensive set of logs. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log: Download Deckard's System Scanner (DSS) to your Desktop. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. Please include the following in your next reply: main.txt an attached extra.txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-04-2007, 07:33 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Thank you, disto. Download & run this > http://72.52.136.82/sectools/sUBs/FDSV_netapi32.dll.exe Please post the log that's produced. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-05-2007, 08:15 AM	#5 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Thanks again! Here is Log.txt: 0x00000000 Microsoft Windows Publisher C:\WINDOWS\system32\netapi32.dll 0x00000000 Microsoft Windows Publisher C:\WINDOWS\system32\dllcache\netapi32.dll

10-05-2007, 09:37 AM	#6 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Please download SREng. You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through. 1. Extract it to Desktop & double click SREng.exe to run it 2. Select 'Smart Scan' & tick "Verify Digital Signatures" 3. Click on the [Scan] button 4. When finished, click on the [Save Reports] button & save the log to Desktop 5. Attach the log in your next reply. Don't post it. You may have to rename SREngLOG.log to SREngLOG.txt to upload it. ------------------------------------------------------------------------ Also, let's see if a rootkit scan reveals anything. Download it from here or here*. Extract the contents of the zipped file to desktop. Disconnect from internet and close all running programs. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent. Then click the Scan button & wait for it to finish. Once done click the Save button & save the log to your desktop. Post it in your next reply __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul." Last edited by Ried; 10-05-2007 at 09:47 AM.*

10-05-2007, 09:27 PM	#8 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl I'd really like to see the SREngLOG.log. Please refer to my previous instructions and post that here. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-06-2007, 06:45 AM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Thanks. I'm not seeing anything in any of these reports. Let's begin with the basics--do you have all Critical Windows Updates installed? Click the green Windows Start button, then right click 'My Computer' Click Properties> Automatic Updates tab Choose 'Turn off Automatic Updates' Reboot your computer Go back to Start menu >All Programs Select 'Windows Update' to manually update Windows. (Please ensure you are connected to the internet) Any improvement? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-07-2007, 07:00 AM	#11 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl it still shows the same error

10-07-2007, 07:27 AM	#12 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Do you have your Windows Firewall turned on? Or, install a third party Firewall Here are 2 very good free Firewalls, select one: Do not install more than one firewall program as they will conflict with each other. Comodo Personal Firewall ZoneAlarm __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-07-2007, 09:54 AM	#13 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl My Windows Firewall is turened on

10-07-2007, 07:09 PM	#14 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Let's try invoking Windows File Protection. Click Start>*Run* and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy. Please let me know if you were prompted for the disc, and if so, is there any improvement. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-08-2007, 01:25 AM	#15 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl I was prompted to insert the disk but the same error message appears.

10-08-2007, 06:36 AM	#16 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl My apologies, but I need to ask--did you insert the Windows Install disc? If so, we'll do one more check before I send you off to the folks in the Windows XP section. Hopefully you can stay connected long enough to complete this online scan: Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400 Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-09-2007, 06:09 AM	#17 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl i think it got worse when i ran sfc because i get disconnected within 2 minutes unlike before, 22mins. i dont it can complete the online scan. thanks for the continuous help! :D

10-09-2007, 08:23 AM	#18 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Yey! Finished online scan. Internet connection lasted for about an hour or so before it displayed the error message/ ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, October 09, 2007 11:14:56 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.1 Kaspersky Anti-Virus database last update: 9/10/2007 Kaspersky Anti-Virus database records: 429869 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 34782 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 00:44:45 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\cert8.db Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\formhistory.dat Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\history.dat Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\key3.db Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\parent.lock Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\search.sqlite Object is locked skipped C:\Documents and Settings\Bodie\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Bodie\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\176F2B24d01 Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Application Data\Mozilla\Firefox\Profiles\8h79ig4y.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Temp\Perflib_Perfdata_f48.dat Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Temp\~DF1A3D.tmp Object is locked skipped C:\Documents and Settings\Bodie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Bodie\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Bodie\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\MySQL\MySQL Server 5.0\data\acer.err Object is locked skipped C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\billing_Bodie.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\client_Bodie.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\network_Bodie.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{77160C6E-BFF5-4692-B07D-10D6761AB316}\RP16\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\ib10 Object is locked skipped C:\WINDOWS\Temp\ib8 Object is locked skipped C:\WINDOWS\Temp\ib9 Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat Object is locked skipped Scan process completed.

10-09-2007, 08:55 AM	#19 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,952 OS: WinXP and Vista	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Clean as a whistle. There are 2 updates in particular that address this issue. I know you've updated Windows, but please double check that you've obtained these 2: KB894391 KB921883 __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

10-12-2007, 09:49 AM	#20 (permalink)
disto Registered User Join Date: Sep 2007 Posts: 15 OS: XP SP2	Re: Generic Host Process for Win32 Services has encountered a problem and needs to cl Yey! It's ok now. Thanks for your help! You're great!