
Not Sure If I'm Infected


3 replies to this topic

#1 jfirestorm44


Posted 30 August 2006 - 10:04 PM

Hi. I am just wondering if I might have some kind of infection. SpySweeper always seems to find iehelper every time it scans, and today after closing IE7 SpySweeper popped up saying that something was trying to add iexplore.exe to the toolbar. Every time I clicked block, it popped up again and again and again. Finally I checked "remember this answer" just so I wouldn't have to see the message anymore. Hopefully someone can help.

Logfile of HijackThis v1.99.1
Scan saved at 7:58:38 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\COMPAQ~1\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] ALCXMNTR.EXE
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145402590656
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



#2 Grinler

    Lawrence Abrams



Posted 07 September 2006 - 02:12 PM

Looks good to me. Let's dig a little deeper:


* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.

#3 jfirestorm44


Posted 07 September 2006 - 05:44 PM

Okay, here are the results of GMER. I'll be deploying to Japan in 2 days so I may not be able to respond for a month or so, but I'll try to check and see what you think.

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-07 15:40:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 86D6A2D0 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateKey
SSDT 86D5EC48 ZwCreateProcess
SSDT 86D631A8 ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateThread
SSDT 86DAB268 ZwDeleteKey
SSDT 86DE3D10 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwFsControlFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 86D6A348 ZwQueueApcThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwReadVirtualMemory
SSDT 86D5D1F8 ZwRenameKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetContextThread
SSDT 86DE31B0 ZwSetInformationKey
SSDT 86D6B7B0 ZwSetInformationProcess
SSDT 86D6A4B0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendProcess
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwWriteVirtualMemory


#4 Grinler


Posted 08 September 2006 - 10:08 AM

I still do not see anything bad. The only thing that jumps out at me is that you have two real-time antispyware scanners running at the same time. When you have multiple programs constantly monitoring file activity, process activity, and registry activity it can start to bog down your system. I would leave AVG alone, but pick one of the two antispyware applications to have its real-time shield running. They are both excellent products so not sure how to advise on this.



