Author Topic: 2nd Harddrive problem  (Read 20559 times)

0 Members and 1 Guest are viewing this topic.

GrahamE

  • Guest
2nd Harddrive problem
« on: November 15, 2007, 09:54:37 PM »
Hi everyone,

I don't know if anyone will be able to help me with this...

Just recently, when scanning with Avast (standard or thorough), the scan hangs/freezes. It's done it when it reached C\RECYCLER and on Zone Alarm files. If I try to stop the scanner, I get the 'egg-timer' and I have to close the interface using the Task Manager. Only Avast is affected, the rest of the PC functions normally.

The only thing I've altered on the PC recently is to add a 2nd Harddrive, formatted as a Basic NTFS drive, to be used for storage (no OS). I've added no data to the drive yet. Thinking this might be the problem, I disabled the new drive in the bios, and indeed, Avast then functions as normal. Having enabled the new drive again, I find that Avast won't scan it using the context menu either. It gets to '3 files scanned' and hangs. The only thing in there are a couple of 'hidden files', namely RECYCLER (85 bytes) and System Volume Information ('folder is empty'). In properties, the drive apparently has 65.6MB in it, which made no sense to me (85 bytes + 'empty' = 65.6MB???)

Has anyone got any idea where I've gone wrong with this drive, and why it's causing problems for Avast?

Many thanks for any help.  :)

Graham.


(XP Pro, Avast 4.7.1043, 071114-0)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11812
    • AVAST Software
Re: 2nd Harddrive problem
« Reply #1 on: November 15, 2007, 10:10:51 PM »
Strange...
Do you have archive scanning enabled? (if you scan from the Simple User Interface)

When the program is frozen, please try to create a dump. The description is here:
http://forum.avast.com/index.php?topic=27240.msg222376#msg222376
The only difference will be that you want to dump a different process; if you are scanning from the context menu, it would be:
userdump.exe ashQuick.exe c:\ashquick.dmp

For Simple UI it would be:
userdump.exe ashSimpl.exe c:\ashsimple.dmp

Thanks.

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #2 on: November 16, 2007, 01:21:18 AM »
Strange...
Do you have archive scanning enabled? (if you scan from the Simple User Interface)

I've tried standard and thorough scans, with and without achive scanning, and the result is the same.

When the program is frozen, please try to create a dump. The description is here:
http://forum.avast.com/index.php?topic=27240.msg222376#msg222376
The only difference will be that you want to dump a different process; if you are scanning from the context menu, it would be:
userdump.exe ashQuick.exe c:\ashquick.dmp

For Simple UI it would be:
userdump.exe ashSimpl.exe c:\ashsimple.dmp

I'm sorry, I don't fully understand how to do this. Is this right:
1. download and save 'userdump.exe'
2. scan with avast until it freezes
3. once frozen, run the downloaded file.

When you say use the following parameters... (which will be replaced by 'userdump.exe ashSimpl.exe c:\ashsimple.dmp' if I'm scanning using the main program and not context)... where do I enter these details?


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11812
    • AVAST Software
Re: 2nd Harddrive problem
« Reply #3 on: November 16, 2007, 01:29:41 AM »
Suppose you save the userdump.exe file into C:\
Then, when Simple UI is frozen, select "Run..." from Windows start menu (or press Win+R) and enter the following into the box:
C:\userdump.exe ashSimpl.exe c:\ashsimple.dmp

Then, we'd be interested in the c:\ashsimple.dmp file, of course.

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #4 on: November 16, 2007, 02:02:23 AM »
Hi Igor,

I've created the dmp file and zipped it, but unfortunately, I now find that I don't know how to upload it to ftp://ftp.avast.com/incoming, sorry!  :-[

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86545
  • No support PMs thanks
Re: 2nd Harddrive problem
« Reply #5 on: November 16, 2007, 03:25:13 AM »
To Upload them to ftp://ftp.avast.com/incoming - First Connect to the link (just click it in your browser, use IE or clone, might be best I can't get firefox to work) and drag the zip file from windows explorer into the Right pane and drop it, that starts the upload, you don't have read access to this folder.

I don't know what you have called the zip file but it might help to call it say GrahamMemDmp.zip so that it can be identified as coming from you, just in case there happens to be any other ashsimpl.zip uploaded (probably not but a good habit to get into)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

martosurf

  • Guest
Re: 2nd Harddrive problem
« Reply #6 on: November 16, 2007, 05:18:32 AM »
GrahamE are you having this problem only with avast! or other software is affected as well?

Please correct me if I'm wrong but usually this type of lockups are related with IRQs & DMAs conflicts.

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #7 on: November 16, 2007, 11:47:30 AM »
To Upload them to ftp://ftp.avast.com/incoming - First Connect to the link (just click it in your browser, use IE or clone, might be best I can't get firefox to work) and drag the zip file from windows explorer into the Right pane and drop it, that starts the upload, you don't have read access to this folder.

I don't know what you have called the zip file but it might help to call it say GrahamMemDmp.zip so that it can be identified as coming from you, just in case there happens to be any other ashsimpl.zip uploaded (probably not but a good habit to get into)

Hi David,

My confusion arose because when I clicked on the link, a plain white page with "to view this FTP page in Windows Explorer, click 'page' and then 'open FTP site in Windows Explorer'". Having done that I was faced with an empty page with no instructions. Your picture was all the explanation I needed, and I've uploaded it now ("GrahamE avastdmp.zip").

Thanks as always, for your help.  :)

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #8 on: November 16, 2007, 11:58:53 AM »
GrahamE are you having this problem only with avast! or other software is affected as well?

Please correct me if I'm wrong but usually this type of lockups are related with IRQs & DMAs conflicts.

As far as I know so far, nothing else is affected. I tried to search for and understand IRQ's and DMA's and can't answer you I'm afraid. I did notice in 'Disk Management' that both my existing HDD and the new one are both 'primary drives'. Is that right?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86545
  • No support PMs thanks
Re: 2nd Harddrive problem
« Reply #9 on: November 16, 2007, 02:43:48 PM »
Hi David,
<snip>
Your picture was all the explanation I needed, and I've uploaded it now ("GrahamE avastdmp.zip").

Thanks as always, for your help.  :)

Your welcome, hopefully Igor will be able to get on the case now.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11812
    • AVAST Software
Re: 2nd Harddrive problem
« Reply #10 on: November 16, 2007, 02:52:47 PM »
There is nothing really suspicious in this dump - avast! seems to be scanning, or in particular opening a file (so the program is actually stuck somewhere in kernel code responsible for file opening - which is an information that is not present in this kind of dump).

To find why it's stuck in kernel, we would need the kernel dump ("bluescreen"). However, the filename being opened got some hits on google... could you please try to run a rootkit scanner (e.g. GMER) on your machine?

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #11 on: November 16, 2007, 05:11:22 PM »
There is nothing really suspicious in this dump - avast! seems to be scanning, or in particular opening a file (so the program is actually stuck somewhere in kernel code responsible for file opening - which is an information that is not present in this kind of dump).

To find why it's stuck in kernel, we would need the kernel dump ("bluescreen"). However, the filename being opened got some hits on google... could you please try to run a rootkit scanner (e.g. GMER) on your machine?

Igor, I'd already run AVG and Panda anti-rootkit scanners prior to posting on here, and both came up with nothing. I've done a scan now with gmer, and it has a long list in it that means nothing to me at all. What do I do, save the log and post it here? Thanks  :)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11812
    • AVAST Software
Re: 2nd Harddrive problem
« Reply #12 on: November 16, 2007, 05:15:06 PM »
Yes ;)

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #13 on: November 16, 2007, 05:19:32 PM »
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-16 16:05:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwClose
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwCreateFile
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwCreateKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwCreatePort
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwCreateProcess
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwCreateProcessEx
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwCreateSection
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwCreateWaitablePort
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwDeleteFile
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwDeleteKey
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwDeleteValueKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwDuplicateObject
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwLoadDriver
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwLoadKey
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwOpenFile
SSDT            sbhr.sys                                                                                     ZwOpenKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwOpenProcess
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwOpenThread
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwRenameKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwReplaceKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwRequestWaitReplyPort
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwSecureConnectPort
SSDT            \SystemRoot\System32\vsdatant.sys                                                            ZwSetInformationFile
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwSetValueKey
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwTerminateProcess
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                ZwWriteFile

---- Kernel code sections - GMER 1.0.13 ----

.text           ntoskrnl.exe!_abnormal_termination + 104                                                     804E2760 12 Bytes  [ 70, 42, 91, AA, 20, A5, 91, ... ]
?               srescan.sys                                                                                  The system cannot find the file specified.
?               C:\WINDOWS\system32\drivers\sbapifs.sys                                                      The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                     [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                          [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                         [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                   [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                     [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                       [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                            [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                           [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                      [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                          [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                           [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                    [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                            [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                             [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                        [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                     [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                       [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                            [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                           [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile]                              [AA9263D0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                      [AA9189F0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                    [AA918B60] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                          [AA919070] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                           [AA918F10] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]                                [AA9115C0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]                      [AA911510] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]                              [AA9116C0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile]                              [AA911220] \SystemRoot\System32\vsdatant.sys

GrahamE

  • Guest
Re: 2nd Harddrive problem
« Reply #14 on: November 16, 2007, 05:21:49 PM »
#2

---- Devices - GMER 1.0.13 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                         [F74721DE] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE                                              [F74721DE] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                          [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                           [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                          [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                              [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                       [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                         [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                  [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                       [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                         [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                              [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                            [F7472454] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                 [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL                                        [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                       [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                   [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                        [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT                                                [F74721DE] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                 [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                   [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_POWER                                                          [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL                                                 [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE                                                  [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                    [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                      [F7465F4C] fltMgr.sys
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE                                                         [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE                                              [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE                                                          [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_READ                                                           [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE                                                          [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION                                              [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION                                                [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA                                                       [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA                                                         [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS                                                  [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION                                       [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION                                         [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL                                              [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL                                            [A917DF76] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL                                                 [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL                                        [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN                                                       [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL                                                   [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP                                                        [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT                                                [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY                                                 [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY                                                   [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_POWER                                                          [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL                                                 [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE                                                  [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA                                                    [A917C812] aswMon2.SYS
AttachedDevice  \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA                                                      [A917C812] aswMon2.SYS

Device          \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                       [AA925CC0] vsdatant.sys
Device          \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                                                        [AA925CC0] vsdatant.sys
Device          \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                               [AA925CC0] vsdatant.sys
Device          \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                      [AA925CC0] vsdatant.sys
Device          \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                                      [AA925CC0] vsdatant.sys