Avg Says Vistax.dll Is Infected With Generic3.ha


  • This topic is locked
14 replies to this topic

#1 Aranfirin


Posted 03 July 2006 - 10:07 AM

Hello all,

When I started up my computer after vacation I suddenly got a message from AVG that vistax.dll was infected with the trojan backdoor Generic3.HA.

AVG did not seem to be able to remove this or even move this to quarantine.
I searched the web and downloaded TrojanHunter to try and remove it.
This program found haxdoor.100 and removed this.
I have tried various other removal programs and such but I keep getting the same message from AVG over and over again. Below I posted a log from HijackThis; I hope someone will be able to shed some light on this.
Many thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 17:04:32, on 3-7-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
E:\downloads\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.informatique.nl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB83F3B-EFE0-48BB-BC9D-24437F412459}: NameServer = 192.168.2.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


 


#2 Aranfirin


Posted 03 July 2006 - 02:26 PM

Just some extra information:

AVG gives the trojan horse message whenever Internet Explorer is opened.

With the TrojanHunter program I managed to get rid of the haxdoor, but AVG keeps giving the message while I cannot find the supposed trojan Generic3.HA with any other program.

Thanks in advance

#3 Aranfirin


Posted 05 July 2006 - 08:22 AM

I browsed some of the posts and aid given to others, but what I tried so far does not seem to work.

I used a couple of online scanners to fully check my computer but it turns up clean, which kinda surprises me.

Meanwhile AVG keeps giving me an alert when IE, Outlook or any other program connecting to the internet is started up:
*vistax.dll infected with generic3.ha*

I'm beginning to wonder if it's a conflict of some program with AVG, but from what I read on the net and here, vistax and vistaj are definitely associated with a trojan.

I hope someone is able to shed some light on this, for I don't seem to be able to solve it myself.

#4 -David-


Posted 05 July 2006 - 04:13 PM

Hello there,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

I see a Haxdoor rootkit infection on your computer.

Download GMER from Here
Right Click the Zip and Select "Extract All"
Double Click gmer.exe to launch the program.
Click on the Rootkit Tab and then click Scan.
It takes a while to run, once complete, copy the results to notepad and save them somewhere safe.
Post those results in the next reply.

David

#5 Aranfirin


Posted 05 July 2006 - 05:50 PM

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-06 00:35:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\vistaj.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\vistaj.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.10 ----

Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 897E6F00
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 897E6F00

---- Modules - GMER 1.0.10 ----

Module _________ BA6E4000

---- Registry - GMER 1.0.10 ----

Reg \Registry\USER\S-1-5-21-265266111-3714039513-1329475703-1005\Software\NVIDIA Corporation\Global\nView\IEPP\History@http://ads.clicksor.com/serving/links.php?chad=1&cs=&adtype=8&sid=57623&pid=41821&uid=23949790454559&adu=3&image=2&c1=#FFFFFF&c2=#FFFFFF&c3=#3170B0&c4=#000000&ref=na&memkey=b34672d276c59e8dabc35bfb8119591e&bdurl=http%3A%2F%2Fnewzfind.com%2Fads%2Fetology_250.htm&qp=%60%5E%(%2C%FB$)$%F9".%7C!)%7D%7D&durl= 5/20/2006 2:39??????????
Reg \Registry\USER\S-1-5-21-265266111-3714039513-1329475703-1005\Software\NVIDIA Corporation\Global\nView\IEPP\History@http://adserving.cpxinteractive.com/iframe3?6QIAAGwpAAAJPQEAF3sAAAABAAAAAP8AAP8FEQACAAJbMwAAPLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3MzMzMzPQ.zczMzMzM9D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKvjrSK9R2gDJUu8dxJBLvazIVBS4G3V-4WUuhAAAAAA=, 6/15/2006 16:22?????????
Reg \Registry\USER\S-1-5-21-265266111-3714039513-1329475703-1005\Software\NVIDIA Corporation\Global\nView\IEPP\History@http://ad.firstadsolution.com/iframe3?6QIAAPahAABqwwAAppMAAAAAMAAAAP8AAP8FEQACAAIowQAAY-gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PwAAAAAAAPg.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtQBVU.JS2gB85bzXWGEL1HF6UANNLa1U3p.zlgAAAAA=, 6/15/2006 16:28?????????

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\system32\klgcptini.dat
File C:\WINDOWS\system32\maskstt.a3d
File C:\WINDOWS\system32\qz.dll
File C:\WINDOWS\system32\qz.sys
File C:\WINDOWS\system32\stt82.ini
File C:\WINDOWS\system32\vistaj.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\vistax.dll
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log

---- Services - GMER 1.0.10 ----

Service C:\WINDOWS\system32\vistaj.sys SYSTEM] vistaj <-- ROOTKIT !!!

---- EOF - GMER 1.0.10 ----

#6 -David-

Posted 07 July 2006 - 02:32 PM

Heya Aranfirin,
Thanks for posting the logs - you have a haxdoor rootkit infection.
I need one more log from you to see if there are multiple haxdoor keys or not.

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.
David

#7 Aranfirin

Posted 08 July 2006 - 07:59 AM

Hello d-trojanator

Thanks for the help so far.

I did the log for haxfix but accidentally pressed option 2 auto clean

I saw it removed a ps3d? file
2 notify keys vistaj and vistax

and removed 2 matching services both related to vistaj and vistax

I ran the log option again and this is posted below


HAXFIX logfile - by Marckie
______________
version 3.03
za 08-07-2006 14:55:26,82

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
no matching services found

checking for matching safeboot services....
no matching safeboot services found


Checking for goldun
-------------------
checking for notify keys....
no notify keys found

checking for services....
no services found


Finished

#8 -David-

Posted 08 July 2006 - 08:02 AM

Hehe, you did the next step for me. :thumbsup:
Please run GMER again and post its log.
David

Edited by D-Trojanator, 08 July 2006 - 08:09 AM.


#9 Aranfirin

Posted 08 July 2006 - 08:13 PM

new gmer log

0.10.10122 - http://www.gmer.net
Rootkit 2006-07-09 03:09:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [BADFA85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [BADFA85A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 89820E50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 89820E50
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP_POWER89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP_POWER89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FLUSH_BUFFERS 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_LOCK_CONTROL89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_SECURITY89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CHANGE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_PNP 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_PNP_POWER 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE_NAMED_PIPE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CLOSEIRP_MJ_READ 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_WRITE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_EA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_FLUSH_BUFFERS 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_VOLUME_INFORMATION 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DIRECTORY_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_FILE_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_INTERNAL_DEVICE_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SHUTDOWN 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_LOCK_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CLEANUP 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_CREATE_MAILSLOT 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_SECURITY 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_POWER 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SYSTEM_CONTROL 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_DEVICE_CHANGE 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_QUERY_QUOTA89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_SET_QUOTA 89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_PNP89832170
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b IRP_MJ_PNP_POWER 89832170
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 89820E50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 89820E50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 89820E50
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [BADFA85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [BADFA85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [BADFA85A] avgtdi.sys
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP_POWER 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 897FE538
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 897FE538

---- Modules - GMER 1.0.10 ----

Module _________ BA6E4000

---- Registry - GMER 1.0.10 ----


---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

#10 -David-


Posted 09 July 2006 - 03:26 AM

Super! :thumbsup:

That's your Haxdoor infection destroyed.

As with all malware like this, it never comes alone and there are probably infected files left on your computer. Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply, along with a new HijackThis log.

David

#11 Aranfirin


Posted 09 July 2006 - 09:34 AM

Panda report

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@as-eu.falkag[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Fabian van Lent\Cookies\fabian van lent@ccbill[1].txt
Hacktool:HackTool/EvID Not disinfected E:\downloads\EvID4226Patch223d-en.zip[EvID4226Patch.exe]
Hacktool:HackTool/EvID Not disinfected E:\downloads\ralf\EvID4226Patch.exe

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 13:11:58, on 9-7-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\downloads\HijackThis\HijackThis.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] E:\downloads\HijackThis\HijackThis.exe /startupscan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.informatique.nl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB83F3B-EFE0-48BB-BC9D-24437F412459}: NameServer = 192.168.2.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#12 -David-


Posted 09 July 2006 - 10:26 AM

Please delete the following two files:

E:\downloads\EvID4226Patch223d-en.zip
E:\downloads\ralf\EvID4226Patch.exe

* Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O4 - Startup: PowerReg Scheduler V3.exe

* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

Please reboot and let me know how the computer is running.
David

#13 Aranfirin


Posted 10 July 2006 - 03:43 PM

Seems to run fine.

Thank you very much for the assistance.

Anything else I should do or check?

#14 -David-


Posted 11 July 2006 - 11:33 AM

Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will reduce dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest available security updates installed.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#15 -David-


Posted 10 August 2006 - 05:21 AM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



