
Solved svchost.exe (network service) Slow - Possible Infection?

Discussion in 'Malware and Virus Removal Archive' started by James Martin, 2010/08/15.

  1. 2010/08/15
    James Martin, Geek Member, Thread Starter (Joined: 2003/05/15 | Messages: 2,655 | Likes Received: 79)
    [Resolved] svchost.exe (network service) Slow - Possible Infection?

    Per Broni's instructions, I am starting a new thread in this forum to address a problem previously posted in the XP forum.

    Can't seem to find the root cause for this problem. It causes random stalling problems with Firefox (latest stable version), print spooler, Weatherpulse, and Diskeeper Lite. System Restore works, but it is very slow, too.

    I updated the LAN driver yesterday, but still no change.

    Has anyone else run into this of late?

    Computer specs listed on the left side.

    *******************************

    About a month ago...

    Malware Bytes removed Trojan.Dropper and Trojan.Downloader.

    Super Anti-Spyware removed...
    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{25E8A712-3BE9-4114-B84B-1603B97BC735}\RP23\A0005371.EXE


    Avast removed HTML:lframe-ini, and Win32:Malware-gen.

    I also ran online scans at: Eset, Housecall, and Norton. One of these, possibly Eset, detected two more infections, but I can't remember the virus names.

    Not sure where I picked up the malware, but Avast stopped Firefox from connecting to an infected site. It was then that I decided to run all of the scans.

    I tried to use the DDS scanner, but it is being treated as an AutoCAD script, and the logs look encrypted. Shall I post a HijackThis log instead?
     
  2. 2010/08/15
    broni, Moderator, Malware Analyst (Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116)
    Download OTL to your Desktop.

    * Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

    ==============================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/08/15
    James Martin, Geek Member, Thread Starter (Joined: 2003/05/15 | Messages: 2,655 | Likes Received: 79)
    OTL logfile created on: 8/15/2010 4:44:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\Broni
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    991.00 Mb Total Physical Memory | 638.00 Mb Available Physical Memory | 64.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1486 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 20.00 Gb Total Space | 4.70 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
    Drive D: | 20.00 Gb Total Space | 8.14 Gb Free Space | 40.69% Space Free | Partition Type: NTFS
    Drive E: | 15.00 Gb Total Space | 8.23 Gb Free Space | 54.85% Space Free | Partition Type: NTFS
    Drive F: | 19.53 Gb Total Space | 3.06 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Unable to calculate disk information.
    Drive I: | 123.50 Mb Total Space | 95.26 Mb Free Space | 77.13% Space Free | Partition Type: FAT32
    Drive J: | 1.86 Gb Total Space | 1.10 Gb Free Space | 59.04% Space Free | Partition Type: FAT32
    Drive L: | 982.05 Mb Total Space | 287.60 Mb Free Space | 29.29% Space Free | Partition Type: FAT32
    Drive W: | 647.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive X: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Y: | 96.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NONERT-82YVYMU0
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/15 16:24:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Broni\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/15 16:24:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Broni\OTL.exe
    MOD - [2008/10/09 11:53:03 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/03/03 17:21:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2004/11/17 23:12:14 | 000,118,784 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NTACCESS.SYS -- (WEBNTACCESS)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/01 00:37:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/04/14 16:10:31 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/04/14 16:10:31 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/04/14 16:10:26 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/04/14 16:10:20 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/04/08 12:49:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2010/02/28 02:08:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/28 02:08:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
    DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/03/08 15:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/09 14:29:08 | 000,015,345 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTCooler.sys -- (CoolerXPDriver)
    DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
    DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
    DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
    DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/08/04 03:56:02 | 000,884,614 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
    DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 13:31:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 13:31:54 | 000,000,000 | ---D | M]

    [2010/03/20 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/08/15 02:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions
    [2010/04/26 21:05:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/20 23:23:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/03/21 02:12:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2010/03/20 23:19:44 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
    [2010/08/08 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
    [2010/08/15 02:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/17 15:14:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/01 18:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/05/24 00:42:09 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    O1 HOSTS File: ([2009/12/16 18:35:25 | 000,366,473 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 12613 more lines...
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000315.dll (Copernic Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
    O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1269839132156 (MUCatalogWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236018061328 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/12/13 22:38:52 | 003,533,821 | ---- | M] () - I:\AutoCAD 2008_cust_settings.zip -- [ FAT32 ]
    O32 - AutoRun File - [2010/06/26 19:10:38 | 000,000,197 | ---- | M] () - J:\AutoRun.inf -- [ FAT32 ]
    O32 - AutoRun File - [1999/01/19 18:25:50 | 000,000,095 | R--- | M] () - W:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [1999/01/19 18:26:06 | 000,000,187 | R--- | M] () - W:\AUTORUN.INI -- [ CDFS ]
    O32 - AutoRun File - [2003/07/16 16:55:09 | 000,000,110 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2003/08/11 17:48:20 | 000,000,043 | R--- | M] () - Y:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\W\Shell - " " = AutoRun
    O33 - MountPoints2\W\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\W\Shell\AutoRun\command - " " = W:\BSHELF\AUTORUN.EXE -- [1998/12/07 13:36:40 | 000,088,287 | R--- | M] ()
    O33 - MountPoints2\X\Shell - " " = AutoRun
    O33 - MountPoints2\X\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\X\Shell\AutoRun\command - " " = X:\SETUP.EXE -- [2003/07/16 16:55:10 | 001,310,720 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\Y\Shell - " " = AutoRun
    O33 - MountPoints2\Y\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\Y\Shell\AutoRun\command - " " = Y:\PCIPRO.EXE -- [2003/08/11 18:12:32 | 000,344,064 | R--- | M] (Diamond Supra)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave5 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/15 16:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Broni
    [2010/08/15 03:30:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/08/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/08/06 02:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
    [2010/08/01 18:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/28 17:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
    [2010/07/27 14:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010/07/21 03:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPU Thermometer
    [2010/07/20 22:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2010/07/16 21:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Everest
    [2010/07/11 01:06:19 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2010/07/11 01:03:41 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2010/07/11 01:01:22 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2010/07/11 01:01:21 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2010/07/11 01:01:10 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2010/07/11 00:55:35 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/07/03 14:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2010/06/29 13:00:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/29 01:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Antioch House
    [2010/06/20 22:57:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/20 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\SecurityScans
    [2010/06/19 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Mower lawsuit
    [2010/06/12 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\IE8 blurry
    [2010/06/12 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/06/11 20:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/06/11 20:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/06/11 20:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/05/27 13:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
    [2010/05/24 00:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
    [2010/05/24 00:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2010/05/22 15:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/18 01:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
    [2009/03/02 12:02:13 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2009/03/02 12:02:13 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/15 16:44:27 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/15 13:45:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/15 13:44:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/15 13:44:50 | 1039,716,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/15 03:31:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/08/15 02:24:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/08/14 18:36:59 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/14 18:36:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/14 15:20:55 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NC8012490 Machinist.doc
    [2010/08/13 22:26:57 | 000,011,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Magic Chef Microwave Oven.docx
    [2010/08/13 21:26:20 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.bak
    [2010/08/13 20:24:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/13 03:24:24 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hulu - The Pride Of St. Louis - Watch the full feature film now..url
    [2010/08/12 15:46:50 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\50332 pressure regulator - Google Search.URL
    [2010/08/12 00:28:41 | 000,014,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\'94 Dodge Gas Mileage.xlsx
    [2010/08/11 09:46:21 | 000,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 09:41:23 | 000,492,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 09:41:23 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 09:41:23 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 01:16:44 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to Stop svchost.exe High CPU Usage.URL
    [2010/08/09 21:13:41 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Office of Community Services - Low Income Home Energy Assistance (LIHEAP) Program.URL
    [2010/08/09 17:46:23 | 005,864,631 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ID-2820 cordless phone.PDF
    [2010/08/09 01:15:00 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hulu - Big House, U.S.A. - Watch the full feature film now..URL
    [2010/08/07 21:14:15 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\secrets-to-maximizing-social-security Personal Finance News from Yahoo! Finance.URL
    [2010/08/06 12:42:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/06 12:38:53 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Recent Tithes 2.xlsx
    [2010/08/06 00:49:04 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kb2286198 slow - Google Search.URL
    [2010/08/05 21:20:46 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
    [2010/08/05 12:46:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
    [2010/08/05 12:12:27 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DPE.DUS
    [2010/08/05 12:12:25 | 000,000,817 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/05 08:48:57 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\12 Examples of "Mental Accounting" (And How To Avoid Them) - trademonster.com - Yahoo! Buzz.URL
    [2010/08/03 22:15:13 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Supplements to consider.URL
    [2010/08/01 15:09:59 | 000,034,472 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\key_art_highway_patrol.jpg
    [2010/08/01 02:10:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/01 00:22:42 | 000,010,523 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Many of the liquid soap products are leaking.docx
    [2010/07/31 03:36:10 | 002,110,022 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/07/28 23:39:20 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NumbersUSA For Lower Immigration Levels - For Lower Immigration Levels.URL
    [2010/07/28 03:23:37 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Computer Power Supply Fan Replacement.URL
    [2010/07/28 03:03:25 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Antec EarthWatts EA-500 500W Review.URL
    [2010/07/27 21:11:01 | 000,012,437 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Walmart downloads.docx
    [2010/07/24 18:29:09 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Hi Ray.doc
    [2010/07/23 22:36:57 | 000,178,984 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Magic Chef mcm1290a.pdf
    [2010/07/23 17:06:53 | 000,014,562 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Leanness Law No 1.docx
    [2010/07/23 17:06:53 | 000,014,562 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Leanness Law No 1.docx
    [2010/07/23 16:44:04 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How do you add another yahoo email address to your existing yahoo account - Yahoo! Answers.URL
    [2010/07/23 01:19:08 | 000,144,379 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Maintenance Guide.pdf
    [2010/07/23 01:18:38 | 001,729,313 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Manual.pdf
    [2010/07/21 18:18:56 | 013,525,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox 0.7.110.exe
    [2010/07/21 14:04:20 | 000,301,752 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\plugin-Slim_DVD_Writer_en_.pdf
    [2010/07/20 19:52:57 | 000,073,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cricket modem, MUST READ FIRST.pdf
    [2010/07/18 20:14:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/07/17 21:41:05 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Installed programs & instructions on their use..doc
    [2010/07/15 15:58:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
    [2010/07/13 03:25:06 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wendys Survey.URL
    [2010/07/11 20:45:10 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/11 20:45:10 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/09 11:52:16 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Dell Documentation.URL
    [2010/07/06 22:46:43 | 000,011,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Job List.docx
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/28 00:25:46 | 000,943,454 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\C139_9500A91O Elaine's old phone.pdf
    [2010/06/11 20:57:07 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/06/11 20:56:39 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/06/09 17:59:03 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\e-Sword.lnk
    [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys
    [2010/05/18 01:19:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/15 02:20:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/08/14 18:31:22 | 1039,716,352 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/14 15:51:14 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/13 03:24:24 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hulu - The Pride Of St. Louis - Watch the full feature film now..url
    [2010/08/12 15:46:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\50332 pressure regulator - Google Search.URL
    [2010/08/11 01:16:44 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How to Stop svchost.exe High CPU Usage.URL
    [2010/08/09 21:13:41 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Office of Community Services - Low Income Home Energy Assistance (LIHEAP) Program.URL
    [2010/08/09 17:47:36 | 005,864,631 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ID-2820 cordless phone.PDF
    [2010/08/09 01:15:00 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hulu - Big House, U.S.A. - Watch the full feature film now..URL
    [2010/08/07 21:33:53 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.bak
    [2010/08/07 21:14:15 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\secrets-to-maximizing-social-security Personal Finance News from Yahoo! Finance.URL
    [2010/08/06 12:46:31 | 000,011,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Magic Chef Microwave Oven.docx
    [2010/08/06 00:49:04 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kb2286198 slow - Google Search.URL
    [2010/08/05 12:46:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
    [2010/08/05 08:48:57 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\12 Examples of "Mental Accounting" (And How To Avoid Them) - trademonster.com - Yahoo! Buzz.URL
    [2010/08/03 22:15:13 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Supplements to consider.URL
    [2010/08/01 15:09:03 | 000,034,472 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\key_art_highway_patrol.jpg
    [2010/08/01 00:22:42 | 000,010,523 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Many of the liquid soap products are leaking.docx
    [2010/07/28 23:39:20 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NumbersUSA For Lower Immigration Levels - For Lower Immigration Levels.URL
    [2010/07/28 03:23:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Computer Power Supply Fan Replacement.URL
    [2010/07/28 03:03:25 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Antec EarthWatts EA-500 500W Review.URL
    [2010/07/27 21:08:28 | 000,012,437 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Walmart downloads.docx
    [2010/07/26 19:34:16 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NC8012490 Machinist.doc
    [2010/07/24 17:58:12 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Hi Ray.doc
    [2010/07/23 22:36:57 | 000,178,984 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Magic Chef mcm1290a.pdf
    [2010/07/23 18:15:30 | 013,525,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox 0.7.110.exe
    [2010/07/23 17:08:54 | 000,014,562 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Leanness Law No 1.docx
    [2010/07/23 17:06:53 | 000,014,562 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Leanness Law No 1.docx
    [2010/07/23 16:44:04 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How do you add another yahoo email address to your existing yahoo account - Yahoo! Answers.URL
    [2010/07/23 01:19:35 | 000,144,379 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Maintenance Guide.pdf
    [2010/07/23 01:18:55 | 001,729,313 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Manual.pdf
    [2010/07/21 14:06:13 | 000,301,752 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\plugin-Slim_DVD_Writer_en_.pdf
    [2010/07/20 19:52:57 | 000,073,412 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cricket modem, MUST READ FIRST.pdf
    [2010/07/18 20:14:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/07/15 15:58:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
    [2010/07/13 03:25:06 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wendys Survey.URL
    [2010/07/13 01:28:01 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/13 01:25:46 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/12 11:15:29 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MicroKeyBoardShorcuts.doc
    [2010/07/11 01:06:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2010/07/11 01:00:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2010/07/11 01:00:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2010/07/11 00:58:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2010/07/09 11:54:20 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Dell Documentation.URL
    [2010/07/08 15:02:01 | 000,943,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\C139_9500A91O Elaine's old phone.pdf
    [2010/06/14 12:03:39 | 000,014,211 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\'94 Dodge Gas Mileage.xlsx
    [2010/06/14 09:57:14 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Installed programs & instructions on their use..doc
    [2010/06/11 20:56:22 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/05/22 15:12:13 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/05/18 01:19:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
    [2010/02/18 20:17:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mohinstall.dll
    [2009/10/23 23:35:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/05/08 12:13:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2009/05/08 12:13:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2009/05/08 12:13:51 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2009/05/08 12:13:51 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009/03/12 12:06:30 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2009/03/06 19:53:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/03/04 00:04:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/03/04 00:04:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/03/04 00:04:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/03/04 00:04:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/03/04 00:04:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/03/04 00:04:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/03/02 12:42:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
    [2009/03/02 10:55:40 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/03/02 09:29:53 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/03/02 09:29:44 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2008/02/19 23:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
    [2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/04/14 16:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/05/22 15:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/06/07 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/02/19 18:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/23 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibbs
    [2010/07/27 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009/03/02 10:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/08/13 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/08 12:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
    [2009/12/02 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.3.0
    [2010/01/05 00:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.4
    [2009/06/07 23:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
    [2009/03/04 00:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Copernic
    [2010/05/24 00:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
    [2010/07/20 22:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2009/08/23 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gibbs
    [2010/07/30 01:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
    [2009/03/04 00:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2009/03/04 00:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2009/04/28 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2009/03/21 23:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
    [2010/04/08 13:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt
    [2009/03/21 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2009/12/15 13:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherPulse
    [2009/03/02 13:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2010/04/17 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinFF
    [2010/06/07 02:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/15 02:13:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/15 13:44:50 | 1039,716,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/15 01:10:44 | 000,014,107 | ---- | M] () -- C:\HijackPatrol.log
    [2009/03/01 21:32:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/11 16:59:50 | 000,001,230 | ---- | M] () -- C:\ipconfig.txt
    [2010/05/06 02:01:40 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/03/01 21:32:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/01 21:47:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/03/15 01:50:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/15 13:44:43 | 1558,183,936 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/06/10 15:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD58.DLL
    [2004/06/10 15:00:00 | 000,048,640 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP58.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/03/01 16:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/03/01 16:22:32 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/03/01 16:22:32 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\dds.scr:SummaryInformation
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    < End of report >
     
  5. 2010/08/15
    James Martin Geek Member Thread Starter

    OTL Extras logfile created on: 8/15/2010 4:44:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\Broni
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    991.00 Mb Total Physical Memory | 638.00 Mb Available Physical Memory | 64.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1486 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 20.00 Gb Total Space | 4.70 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
    Drive D: | 20.00 Gb Total Space | 8.14 Gb Free Space | 40.69% Space Free | Partition Type: NTFS
    Drive E: | 15.00 Gb Total Space | 8.23 Gb Free Space | 54.85% Space Free | Partition Type: NTFS
    Drive F: | 19.53 Gb Total Space | 3.06 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Unable to calculate disk information.
    Drive I: | 123.50 Mb Total Space | 95.26 Mb Free Space | 77.13% Space Free | Partition Type: FAT32
    Drive J: | 1.86 Gb Total Space | 1.10 Gb Free Space | 59.04% Space Free | Partition Type: FAT32
    Drive L: | 982.05 Mb Total Space | 287.60 Mb Free Space | 29.29% Space Free | Partition Type: FAT32
    Drive W: | 647.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive X: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Y: | 96.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NONERT-82YVYMU0
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00422D27-AAF5-493F-8232-EA1D1D920025}" = Foxit Reader
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FD27B25-4128-4CDA-A322-F1C8F0D8FEC9}" = e-Sword
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{656A8811-95E1-4BD2-B692-8202DDBA15D5}_is1" = CPU Thermometer 1.0
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (DVD Only)
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3F60446-48FB-48A8-B5FC-BB3430AEF806}" = Diskeeper Lite
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis*True*Image*WD*Edition
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0BE1EEE-2A4E-4FC8-8818-F13AE51EF4BE}" = GibbsCAM 2007, v8.5.10
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{EC984406-5CBB-435A-BB4B-B25BB32EDDC2}" = WinBackup
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AquaLog" = AquaLog
    "AutoCAD 2008 - English" = AutoCAD 2008 - English
    "avast5" = avast! Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "Bookshelf 2k" = Bookshelf 2000
    "Camsim Milling v3.9M" = Camsim Milling v3.9M
    "CamSim Turning" = CamSim Turning
    "CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
    "CCleaner" = CCleaner
    "CopernicDesktopSearch2" = Copernic Desktop Search - Home
    "CXT1034" = SUPRAMAX V.92 PCI PRO
    "DiskCleaner" = Disk Cleaner (remove only)
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "DVDFab" = DVDFab (remove only)
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    "DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.2.0
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FavOrg" = FavOrg
    "FaxTalk Communicator 4.5" = FaxTalk Communicator 4.5
    "Free Registry Defrag_is1" = Free Registry Defrag
    "HijackThis" = HijackThis 2.0.2
    "HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{D0BE1EEE-2A4E-4FC8-8818-F13AE51EF4BE}" = GibbsCAM 2007, v8.5.10_NLO(w)
    "Juno Connection Wizard" = Juno Connection Wizard
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
    "MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "P4M266" = ProSavageDDR and Utilities
    "PC Alert 4" = PC Alert 4
    "qt7lite_is1" = QT Lite 2.9.2
    "Revo Uninstaller" = Revo Uninstaller 1.88
    "S3Display" = S3Display
    "S3Gamma2" = S3Gamma2
    "S3Info2" = S3Info2
    "S3Overlay" = S3Overlay
    "Secunia PSI" = Secunia PSI
    "SpeedFan" = SpeedFan (remove only)
    "SpywareBlaster_is1" = SpywareBlaster 4.3
    "STA.bsa_ENU" = The Real Yellow Pages v5.1.1
    "TrueCrypt" = TrueCrypt
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "Unlocker" = Unlocker 1.8.7
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
    "Weather Pulse 2.2.4.4" = Weather Pulse 2.2.4.4
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AI RoboForm" = AI RoboForm
    "Sansa Updater" = Sansa Updater

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 3/8/2009 4:57:06 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 4/17/2009 9:07:50 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 11/13/2009 2:38:34 AM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 12/17/2009 9:23:34 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 12/17/2009 9:23:34 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 12/17/2009 9:23:41 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 3/29/2010 1:05:30 AM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    Error - 4/13/2010 8:23:42 PM | Computer Name = NONERT-82YVYMU0 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 6/16/2010 3:16:11 PM | Computer Name = NONERT-82YVYMU0 | Source = Application Error | ID = 1001
    Description = Fault bucket 223121472.

    Error - 6/19/2010 4:31:47 PM | Computer Name = NONERT-82YVYMU0 | Source = Microsoft Management Console | ID = 1000
    Description =

    Error - 6/19/2010 4:31:53 PM | Computer Name = NONERT-82YVYMU0 | Source = Microsoft Management Console | ID = 1001
    Description =

    Error - 6/21/2010 4:11:50 PM | Computer Name = NONERT-82YVYMU0 | Source = Application Error | ID = 1000
    Description = Faulting application shutdown.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x6c26aa7e.

    Error - 6/21/2010 4:11:54 PM | Computer Name = NONERT-82YVYMU0 | Source = Application Error | ID = 1001
    Description = Fault bucket 751645075.

    Error - 7/13/2010 2:17:32 AM | Computer Name = NONERT-82YVYMU0 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/13/2010 2:17:32 AM | Computer Name = NONERT-82YVYMU0 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/13/2010 2:17:32 AM | Computer Name = NONERT-82YVYMU0 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/18/2010 2:34:24 PM | Computer Name = NONERT-82YVYMU0 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/18/2010 2:34:24 PM | Computer Name = NONERT-82YVYMU0 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ OSession Events ]
    Error - 7/27/2009 2:42:32 PM | Computer Name = NONERT-82YVYMU0 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/14/2010 6:23:03 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 8/14/2010 6:23:03 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD AmdK7 aswSP aswTdi BANTExt Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
    SASKUTIL
    Tcpip
    truecrypt
    vsdatant

    Error - 8/14/2010 6:24:12 PM | Computer Name = NONERT-82YVYMU0 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/14/2010 6:36:48 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7022
    Description = The avast! Antivirus service hung on starting.

    Error - 8/14/2010 6:36:55 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 8/14/2010 6:36:56 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 8/14/2010 6:36:57 PM | Computer Name = NONERT-82YVYMU0 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 8/15/2010 3:57:21 PM | Computer Name = NONERT-82YVYMU0 | Source = Print | ID = 6161
    Description = The document April's Seizure Calender 2007-2008.xls owned by Owner
    failed to print on printer Canon i560. Data type: NT EMF 1.008. Size of the spool
    file in bytes: 131072. Number of bytes printed: 44784. Total number of pages in
    the document: 1. Number of pages printed: 0. Client machine: \\NONERT-82YVYMU0.
    Win32 error code returned by the print processor: 0 (0x0).

    Error - 8/15/2010 4:03:51 PM | Computer Name = NONERT-82YVYMU0 | Source = Print | ID = 6161
    Description = The document April's Seizure Calender 2007-2008.xls owned by Owner
    failed to print on printer Canon i560. Data type: NT EMF 1.008. Size of the spool
    file in bytes: 45072. Number of bytes printed: 44952. Total number of pages in
    the document: 1. Number of pages printed: 0. Client machine: \\NONERT-82YVYMU0.
    Win32 error code returned by the print processor: 0 (0x0).

    Error - 8/15/2010 4:05:29 PM | Computer Name = NONERT-82YVYMU0 | Source = Print | ID = 6161
    Description = The document April's Seizure Calender 2007-2008.xls owned by Owner
    failed to print on printer Canon i560. Data type: NT EMF 1.008. Size of the spool
    file in bytes: 45072. Number of bytes printed: 44952. Total number of pages in
    the document: 1. Number of pages printed: 0. Client machine: \\NONERT-82YVYMU0.
    Win32 error code returned by the print processor: 0 (0x0).


    < End of report >
     
  6. 2010/08/15
    broni

    Go on....
     
  7. 2010/08/15
    James Martin

    There is no quick scan log for Malware Bytes on my machine, and they cannot be found in Application Data, or under Program Files / Malware Bytes. Two quick scans were clean, though.

    Would it be OK to show a full scan log?
     
  8. 2010/08/15
    James Martin

    Wait.

    Bear with me... I didn't have the log box checked.

    I'll post a quick scan log soon.
     
  9. 2010/08/15
    broni

    Ok....lol.
     
  10. 2010/08/15
    James Martin

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4434

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    8/15/2010 6:54:57 PM
    mbam-log-2010-08-15 (18-54-57).txt

    Scan type: Quick scan
    Objects scanned: 137350
    Time elapsed: 9 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    =========================================

    Full scan was clean, too.
     
  11. 2010/08/15
    James Martin

    Please delete last log post.




    Edit: I'll have to post the other items later on tonight, or tomorrow.
     
    Last edited: 2010/08/15
  12. 2010/08/15
    broni

    Ok....
     
  13. 2010/08/15
    James Martin

    I could not get the GMER scanner to work due to the dreaded - t1g1iqmi.exe has encountered a problem and needs to close. Sorry for the inconvenience. - message.

    I tried it in safe mode and got the same results.

    For what it's worth, the scanner started scanning as soon as I opened it, and it was impossible to uncheck the "devices" box before Windows shut the program down.

    Anyway, here are the MBR Check scan results...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x03c00bbd

    Kernel Drivers (total 138):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7C0F000 \WINDOWS\system32\KDCOM.DLL
    0xF7B1F000 \WINDOWS\system32\BOOTVID.dll
    0xF76C8000 d347bus.sys
    0xF769A000 ACPI.sys
    0xF7C11000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7689000 pci.sys
    0xF770F000 isapnp.sys
    0xF7B23000 compbatt.sys
    0xF7B27000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7C13000 viaide.sys
    0xF798F000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF771F000 MountMgr.sys
    0xF766A000 ftdisk.sys
    0xF7997000 PartMgr.sys
    0xF799F000 videX32.sys
    0xF772F000 VolSnap.sys
    0xF7652000
    0xF7C15000 d347prt.sys
    0xF763A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF773F000 disk.sys
    0xF774F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF761A000 fltmgr.sys
    0xF7608000 sr.sys
    0xF75F1000 KSecDD.sys
    0xF75DE000 WudfPf.sys
    0xF7551000 Ntfs.sys
    0xF7524000 NDIS.sys
    0xF74B9000 timntr.sys
    0xF775F000 viaagp.sys
    0xF79A7000 viaagp1.sys
    0xF7460000 tdrpman.sys
    0xF7C17000 speedfan.sys
    0xF7441000 snapman.sys
    0xF7427000 Mup.sys
    0xF7CD7000 giveio.sys
    0xF778F000 \SystemRoot\System32\DRIVERS\amdk7.sys
    0xF7316000 \SystemRoot\system32\DRIVERS\s3gnbm.sys
    0xF7302000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF79CF000 \SystemRoot\System32\DRIVERS\usbohci.sys
    0xF72DE000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF79D7000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF7211000 \SystemRoot\system32\DRIVERS\winachcf.sys
    0xF79EF000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF79FF000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF779F000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF77AF000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF77BF000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF71EE000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF6E16000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF6DF2000 \SystemRoot\system32\drivers\portcls.sys
    0xF77CF000 \SystemRoot\system32\drivers\drmk.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
    0xF7A27000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF77EF000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF73AF000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6DDE000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF77FF000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7A37000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7A3F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7DEA000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF780F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF73A3000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF6DC7000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF781F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF782F000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A5F000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF6DB6000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF783F000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7A6F000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7A7F000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF784F000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7C1F000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6CB8000 \SystemRoot\System32\DRIVERS\update.sys
    0xF738F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF785F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF787F000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7C25000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF735B000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF7A9F000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7C49000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7E37000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C4D000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7ABF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7AC7000 \SystemRoot\System32\drivers\vga.sys
    0xF7C51000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C55000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7AD7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7AE7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF73A7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF4BBD000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF4B64000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF78BF000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF4B3E000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF78CF000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF4B16000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF4A95000 \SystemRoot\System32\vsdatant.sys
    0xF4A73000 \SystemRoot\System32\drivers\afd.sys
    0xF78DF000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF4A3E000 \SystemRoot\System32\drivers\truecrypt.sys
    0xF6C9C000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF78EF000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF497C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0xF7B07000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF4951000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF48E1000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF78FF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7D03000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xF48BA000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF79C7000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF7A07000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF791F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF481E000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7A1F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF47DE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C7F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF480E000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A57000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CE7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\s3gnb.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF21B2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF6D36000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xF2086000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF1D1F000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF1B7A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF20F6000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF1995000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7C77000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF1C8B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF1826000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF79E7000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF1425000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF131E000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\awwdifoc.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 29):
    0 System Idle Process
    4 System
    756 C:\WINDOWS\system32\smss.exe
    920 csrss.exe
    944 C:\WINDOWS\system32\winlogon.exe
    988 C:\WINDOWS\system32\services.exe
    1000 C:\WINDOWS\system32\lsass.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1352 C:\WINDOWS\system32\svchost.exe
    1400 C:\WINDOWS\system32\svchost.exe
    1500 svchost.exe
    1596 svchost.exe
    1692 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1992 C:\WINDOWS\explorer.exe
    1292 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1720 C:\WINDOWS\system32\spoolsv.exe
    1424 svchost.exe
    1896 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    1936 C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    296 C:\Program Files\Java\jre6\bin\jqs.exe
    432 C:\WINDOWS\system32\svchost.exe
    2056 C:\WINDOWS\system32\wuauclt.exe
    2632 alg.exe
    2740 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    2748 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    2756 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    3088 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    3616 C:\Documents and Settings\Owner\Desktop\Broni\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000005`00156400 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000a`002a4a00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000d`c01a9600 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
    Last edited: 2010/08/15
  14. 2010/08/15
    broni Moderator Malware Analyst
    MBRCheck log looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2010/08/15
    James Martin Geek Member Thread Starter
    Out of curiosity, I downloaded GMER from a different site and here are the results...

    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2010-08-15 23:14:30
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.12 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose
    SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey
    SSDT d347bus.sys ZwCreatePagingFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteKey
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
    SSDT d347bus.sys ZwEnumerateKey
    SSDT d347bus.sys ZwEnumerateValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey2
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
    SSDT d347bus.sys ZwQueryKey
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRenameKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetSecurityObject
    SSDT d347bus.sys ZwSetSystemPowerState
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwSystemDebugControl
    SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

    Code \SystemRoot\System32\Drivers\aswSP.SYS ZwLoadDriver
    Code \SystemRoot\System32\Drivers\aswSP.SYS ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.12 ----

    .text ntoskrnl.exe!_abnormal_termination + 100 804E276C 16 Bytes [ 20, 9A, 6C, F7, C0, 6C, AB, ... ]
    PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F48CCF6C \SystemRoot\System32\Drivers\aswSP.SYS
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F48CB5B4 \SystemRoot\System32\Drivers\aswSP.SYS
    PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP F48CFAFE \SystemRoot\System32\Drivers\aswSP.SYS

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3416] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3416] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 330B9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F48CF68C] aswSP.SYS
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F48CF6CC] aswSP.SYS
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865372E0
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F48CF7A8] aswSP.SYS
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F48CF7E8] aswSP.SYS
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F48CF73A] aswSP.SYS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F48CF828] aswSP.SYS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE [F48CF868] aswSP.SYS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85EE74B0
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE [F48CF944] aswSP.SYS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [F48CF984] aswSP.SYS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP [F48CF8D6] aswSP.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F4A9F434] vsdatant.sys
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8645AA60
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 861190C0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8645AA60
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 864554A8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 864554A8
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8645AA60
     
  16. 2010/08/15
    James Martin Geek Member Thread Starter
    Continued...


    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_NAMED_PIPE 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_EA 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_VOLUME_INFORMATION 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DIRECTORY_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FILE_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_LOCK_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLEANUP 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_MAILSLOT 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_SECURITY 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CHANGE 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_QUOTA 8645AA60
    Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 8645AA60
    Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85C11860
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F4A9F434] vsdatant.sys
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 860BF3A8
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F4A9F434] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F4A9F434] vsdatant.sys
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 860BF3A8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86119308
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 864FBE20
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE_NAMED_PIPE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CLOSE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_READ 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_WRITE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_FLUSH_BUFFERS 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DIRECTORY_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SHUTDOWN 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_LOCK_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CLEANUP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_CREATE_MAILSLOT 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_POWER 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_DEVICE_CHANGE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_QUERY_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_SET_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 IRP_MJ_PNP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_CREATE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_CREATE_NAMED_PIPE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_CLOSE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_READ 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_WRITE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_QUERY_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SET_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_QUERY_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SET_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_FLUSH_BUFFERS 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_DIRECTORY_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SHUTDOWN 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_LOCK_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_CLEANUP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_CREATE_MAILSLOT 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_QUERY_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SET_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_POWER 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_DEVICE_CHANGE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_QUERY_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_SET_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target3Lun0 IRP_MJ_PNP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_NAMED_PIPE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLOSE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_READ 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_WRITE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FLUSH_BUFFERS 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DIRECTORY_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SHUTDOWN 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_LOCK_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLEANUP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_MAILSLOT 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_POWER 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CHANGE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_PNP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8641DD50
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8641DD50
    Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F48CF828] aswSP.SYS
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F48CF868] aswSP.SYS
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85EE74B0
    Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F48CF944] aswSP.SYS
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F48CF984] aswSP.SYS
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F48CF8D6] aswSP.SYS
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86110B10
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86110B10
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86110B10
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86110B10
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86110B10
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 860A8348

    ---- Modules - GMER 1.0.12 ----

    Module _________ F7652000

    ---- Files - GMER 1.0.12 ----

    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    ADS C:\Documents and Settings\Owner\Desktop\dds.scr:SummaryInformation
    ADS C:\Documents and Settings\Owner\Desktop\dds.scr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS D:\ISO Images\Mavis Beacon Image.iso:SummaryInformation
    ADS D:\ISO Images\Mavis Beacon Image.iso:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS D:\School & Job Assistance\AutoCAD drawings\CAD II\Text\06_PUMP_ASSEMBLY.dwg:SummaryInformation
    ADS D:\School & Job Assistance\AutoCAD drawings\CAD II\Text\06_PUMP_ASSEMBLY.dwg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Chess Game\Chess-it!.exe:SummaryInformation
    ADS E:\Desktop Items\Chess Game\Chess-it!.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Downloaded Programs\Cannon Tool Bar 2.6 & Drivers\(more) Updated Cannon Drivers\i560xp173eus Driver.exe:SummaryInformation
    ADS E:\Desktop Items\Downloaded Programs\Cannon Tool Bar 2.6 & Drivers\(more) Updated Cannon Drivers\i560xp173eus Driver.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Downloaded Programs\DVD Tools\Divix\DivXCreate2.exe:SummaryInformation
    ADS E:\Desktop Items\Downloaded Programs\DVD Tools\Divix\DivXCreate2.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Downloaded Programs\Firefox\install_flash_player 10.0.12.36 Firefox.exe:SummaryInformation
    ADS E:\Desktop Items\Downloaded Programs\Firefox\install_flash_player 10.0.12.36 Firefox.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Downloaded Programs\HP Drivers, etc\pmsvptch.exe:SummaryInformation
    ADS E:\Desktop Items\Downloaded Programs\HP Drivers, etc\pmsvptch.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    ADS E:\Desktop Items\Downloaded Programs\Nero Downloads\Nero Tools\Nero Extras\DynWrSpeed_off.zip:SummaryInformation
    ADS ...

    ---- EOF - GMER 1.0.12 ----
     
  17. 2010/08/15
    broni

    broni Moderator Malware Analyst

    It looks fine, so I need Combofix now :)
     
  18. 2010/08/15
    James Martin

    James Martin Geek Member Thread Starter

    Can you go into more detail about script blocking?

    Is this found under IE and Firefox options?
     
  19. 2010/08/15
    broni

    broni Moderator Malware Analyst

    No. Do you use GMER, or Windows Defender?

    Just in case you use any of them...

    1. Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.

    2. Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender when all cleaning is done.
     
  20. 2010/08/15
    James Martin

    James Martin Geek Member Thread Starter

    I don't use any of the above anymore (I'm new to GMER, but it is not open), so I am good to go I guess.

    I will be shutting down Avast, ZA (and Windows Firewall, too), and Win Patrol.

    Should I disable my LAN, or just let ComboFix do it? (I'm worried about picking up an infection on my exposed PC)
     
  21. 2010/08/15
    broni

    broni Moderator Malware Analyst

    Let Combofix do it.
    Do you use two firewalls?
    That's not a good idea.
    You should run only one.

    Go on...
     
