Something Is Eating My Hard Drive Space


  • This topic is locked
14 replies to this topic

#1 Belkorin


Posted 24 July 2007 - 07:24 PM

No matter what I do, how much I delete, how often I empty the cache on my browsers, wipe the various temp folders, and run disk cleanup, my hard drive keeps filling up, and I cannot find where my disk space is going. I've run everything I can possibly think of to get rid of any sort of malware, and it just keeps happening.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:34 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\freeFTPd\FreeFTPdService.exe
D:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\iSafer\iSafer.exe
C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe
D:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Gnumeric\bin\gnumeric.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1139115820\ee\anotify.exe
D:\Program Files\SHOUTcast\sc_serv.exe
D:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Belkorin\LOCALS~1\Temp\Temporary Directory 1 for McafeeRootkitDetective.zip\Rootkit_Detective.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: iSafer.lnk = D:\Program Files\iSafer\iSafer.exe
O4 - Global Startup: Logo Calibration Loader.lnk = D:\Program Files\Pantone\Eye-One Match\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = D:\Program Files\Pantone\Eye-One Match\ProfileReminder.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: freeFTPdService - Unknown owner - D:\Program Files\freeFTPd\FreeFTPdService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe



#2 Rorschach


Posted 07 August 2007 - 09:33 AM

Hello Belkorin, sorry for the delay. I'm just looking over your log and will get back to you soon.

#3 Rorschach


Posted 07 August 2007 - 02:29 PM

Hello Belkorin, my name is Rorschach and I'll be helping you with your problems.

Did you install TightVNC yourself?


To clean up some hard drive space, do the following:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Next:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So in your next reply please post the following: the two DSS texts in full, and tell me how your PC is running and if you are having any problems besides your hard drive space being low.

#4 Belkorin


Posted 08 August 2007 - 04:58 PM

The computer is running pretty normal, aside from problems caused by low disk space. It flakes out every once in a while, but I've come to expect Windows to do that, even on a fresh install. TightVNC is deliberately there, as is the FTP server. I like being able to access my computer when I'm not in front of it.

Here's the logs:

Deckard's System Scanner v20070807.62
Run by Belkorin on 2007-08-08 at 17:56:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.1 GiB (less than 15%) free.


-- HijackThis (run as Belkorin.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:27 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\freeFTPd\FreeFTPdService.exe
D:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1139115820\ee\anotify.exe
C:\WINDOWS\system32\wuauclt.exe
D:\temp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Belkorin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: iSafer.lnk = D:\Program Files\iSafer\iSafer.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: freeFTPdService - Unknown owner - D:\Program Files\freeFTPd\FreeFTPdService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6774 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys (file missing)
S3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys (file missing)
S3 Cap713x (Philips Cap713x Video Capture) - c:\windows\system32\drivers\cap713x.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors Cap713x>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 eyeonedp (eye-one display) - c:\windows\system32\drivers\eyeonedp.sys
S3 kwcxbus (Kyocera USB Composite Device driver (WDM)) - c:\windows\system32\drivers\kwcxbus.sys <Not Verified; MCCI; Kyocera USB Composite Device>
S3 kwcxser (Kyocera High-Speed Wireless Modem Drivers) - c:\windows\system32\drivers\kwcxser.sys <Not Verified; MCCI; Kyocera High-Speed Wireless Modem>
S3 PDIHWCTL - c:\windows\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
S3 RapDrv - c:\windows\system32\drivers\rapdrv.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing)
S4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 freeFTPdService - d:\program files\freeftpd\freeftpdservice.exe <Not Verified; ; freeFTPdService Module>
R2 NoIPDUCService - d:\program files\no-ip\duc20.exe -service <Not Verified; Vitalwerks LLC; DUC v2.2.1.0>

S2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service <Not Verified; Constantin Kaplinsky; TightVNC Win32 Server>
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 BlackICE - "d:\program files\iss\blackice\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Network ICE Corporation blackd>
S4 iSafer (iSafer - Personal Firewall) - d:\program files\isafer\isafersvr.exe <Not Verified; http://winsockfirewall.sourceforge.net; iSaferSvr.exe>
S4 RapApp - "d:\program files\iss\blackice\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S4 Unigraphics License Server (uglmd) - "d:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe" <Not Verified; Macrovision Corporation; >
S4 VMAuthdService (VMware Authorization Service) - d:\program files\vmware\vmware server\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Server>
S4 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server>
S4 vmserverdWin32 (VMware Registration Service) - d:\program files\vmware\vmware server\vmserverdwin32.exe <Not Verified; VMware, Inc.; VMware Server>
S4 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter


-- Scheduled Tasks -------------------------------------------------------------

2007-08-08 02:00:00 352 --a------ C:\WINDOWS\Tasks\Anonymizer scan for spyware.job
2007-08-05 21:14:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-03 07:56:00 284 --a------ C:\WINDOWS\Tasks\New Task.job
2007-06-26 02:20:00 272 --a------ C:\WINDOWS\Tasks\shutdown.job


-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2007-07-27 00:52:11 0 dr-h----- C:\Documents and Settings\Belkorin\Recent
2007-07-24 20:23:05 0 d-------- C:\Program Files\Trend Micro
2007-07-24 17:47:55 0 d-------- C:\WINDOWS\BDOSCAN8
2007-07-19 01:18:32 0 d-------- C:\VundoFix Backups
2007-07-18 17:46:56 0 d-------- C:\WINDOWS\Start Menu
2007-07-18 17:46:56 0 d-------- C:\WINDOWS\Favorites
2007-07-18 01:34:48 0 d-------- C:\Documents and Settings\Belkorin\.housecall6.6
2007-07-17 17:32:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-13 17:34:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-07-11 01:28:21 92160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2007-07-11 01:28:20 0 d-------- C:\Program Files\MagicDisc
2007-07-08 05:04:40 0 d-------- C:\Program Files\LiveUpdate
2007-07-08 05:04:27 0 d-------- C:\Program Files\Kyocera Wireless Corp
2007-07-08 04:09:56 47616 --a------ C:\WINDOWS\system32\kwcxunin2k.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2007-07-08 04:09:56 5776 --a------ C:\WINDOWS\system32\drivers\kwcxwhnt.sys <Not Verified; MCCI; Kyocera USB Composite Device>
2007-07-08 04:09:56 5776 --a------ C:\WINDOWS\system32\drivers\kwcxwh.sys <Not Verified; MCCI; Kyocera USB Composite Device>
2007-07-08 04:09:56 87104 --a------ C:\WINDOWS\system32\drivers\kwcxser.sys <Not Verified; MCCI; Kyocera High-Speed Wireless Modem>
2007-07-08 04:09:56 6112 --a------ C:\WINDOWS\system32\drivers\kwcxcmnt.sys <Not Verified; MCCI; Kyocera High-Speed Wireless Modem>
2007-07-08 04:09:56 6112 --a------ C:\WINDOWS\system32\drivers\kwcxcm.sys <Not Verified; MCCI; Kyocera High-Speed Wireless Modem>
2007-07-08 04:09:56 52480 --a------ C:\WINDOWS\system32\drivers\kwcxbus.sys <Not Verified; MCCI; Kyocera USB Composite Device>
2007-07-08 04:09:56 0 d-------- C:\Program Files\KWCX
2007-07-08 04:09:01 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software


-- Find3M Report ---------------------------------------------------------------

2007-08-08 17:54:24 0 d-------- C:\Documents and Settings\Belkorin\Application Data\uTorrent
2007-07-18 00:51:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-07-18 00:51:11 0 d-a------ C:\Program Files\Common Files
2007-07-13 17:47:51 0 d-------- C:\Documents and Settings\Belkorin\Application Data\AVG7
2007-07-12 20:16:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-06 19:19:02 0 d-------- C:\Documents and Settings\Belkorin\Application Data\Motive
2007-07-06 19:18:50 0 d-------- C:\Program Files\SBC Self Support Tool
2007-07-03 18:40:14 0 d--h----- C:\Documents and Settings\Belkorin\Application Data\ijjigame
2007-07-03 18:27:08 0 d-------- C:\Documents and Settings\Belkorin\Application Data\gtk-2.0
2007-07-03 17:46:50 0 d-------- C:\Program Files\Common Files\Motive
2007-06-28 18:54:42 0 d-------- C:\Program Files\BroadJump
2007-06-25 23:33:28 0 d-------- C:\Program Files\Java
2007-06-22 00:22:53 0 d-------- C:\Program Files\AIM6
2007-06-21 18:29:56 0 d-------- C:\Documents and Settings\Belkorin\Application Data\GretagMacbeth
2007-06-19 17:23:33 0 d-------- C:\Documents and Settings\Belkorin\Application Data\SiteAdvisor


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [08/01/2003 07:28 PM]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [03/10/2006 01:45 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 11:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [09/23/2004 02:41 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [11/18/2004 11:16 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 10:49 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/10/2005 10:49 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/30/2007 10:30 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/24/2006 03:37 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 10:49 PM]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [05/09/2006 08:24 PM]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [06/21/2007 02:35 AM]

C:\Documents and Settings\Belkorin\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [7/11/2007 1:28:20 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iSafer.lnk - D:\Program Files\iSafer\iSafer.exe [9/10/2006 1:04:28 PM]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2/3/2006 5:15:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackICE PC Protection.lnk
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TV User^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\TV User\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139115820\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
C:\Program Files\MultiRes\MultiRes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick TV Agent]
C:\Program Files\Terminator\Quick TV\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
D:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WScheduler]
D:\Program Files\SystemScheduler\WScheduler.exe /LOGON

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vmserverdWin32"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"usprserv"=3 (0x3)
"Unigraphics License Server (uglmd)"=2 (0x2)
"SQLAgent$AUTODESKVAULT"=3 (0x3)
"RapApp"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$AUTODESKVAULT"=2 (0x2)
"NetSvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
AutoRun\command- Y:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25901826-a8f3-11db-838d-0013d4e9c089}]
AutoRun\command- E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:57:59 ---------

Deckard's System Scanner v20070807.62
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1022.61 MiB / 577.81 MiB
Pagefile Memory (total/avail): 2459.42 MiB / 2108.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 5 GiB total, 0.1 GiB free.
D: is Fixed (Ext2) - 137.17 GiB total, 19.8 GiB free.
F: is Fixed (Ext2) - 0.01 GiB total, 0 GiB free.
G: is CDROM (CDFS)
H: is CDROM (No Media)
I: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
X: is CDROM (CDFS)
Y: is CDROM (CDFS)
Z: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.1.737.000 (Zone Labs, Inc.)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139115820\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139115820\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139115820\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139115820\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

AIP_LOCALE110=all
AIP_ROOT110=D:\Program Files\Autodesk\Inventor 11\Stress Analysis
ALLUSERSPROFILE=C:\Documents and Settings\All Users
ANSYS_SYSDIR=Intel
APPDATA=C:\Documents and Settings\Belkorin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FISHTANK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GTK_BASEPATH=D:\Program Files\Gnumeric
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Belkorin
LOGONSERVER=\\FISHTANK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\Program Files\Gnumeric\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Progra~1\cdrtools-latest;D:\Program Files\Common Files\GTK\2.0\bin;D:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Belkorin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Belkorin\LOCALS~1\Temp
tvdumpflags=8
UGII_BASE_DIR=D:\Program Files\UGS\NX 3.0\
UGII_LANG=english
UGII_LICENSE_FILE=27000@fishtank
UGII_ROOT_DIR=D:\Program Files\UGS\NX 3.0\UGII\
USERDOMAIN=FISHTANK
USERNAME=Belkorin
USERPROFILE=C:\Documents and Settings\Belkorin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Belkorin (admin)
TV User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "D:\Program Files\Microsoft ActiveSync\Freecell for Pocket PC\uninstall.exe"
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
--> MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
--> MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uninstall.exe"
AbiWord 2.4.5 (remove only) --> D:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Ad-Aware SE Personal --> D:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE D:\Program Files\Lavasoft\Ad-Aware SE Personal\INSTALL.LOG
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AFPL Ghostscript 8.53 --> D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts --> D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\fonts\uninstal.txt"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Allofmp3 Explorer --> D:\Program Files\MediaServices\Allofmp3\UNWISE.EXE D:\Program Files\MediaServices\Allofmp3\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ASUS_Ai_Proactive_Screensaver (E) --> C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr /u
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe"
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk Inventor Professional 11 --> MsiExec.exe /I{7F4DD591-1100-0409-0000-7107D70F3DB4}
Autodesk Student Community Download Tool --> "D:\Program Files\Autodesk Student Community Download Tool\unins000.exe"
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BASIC Stamp Editor v2.1 --> MsiExec.exe /X{1DA4D310-FE56-4E12-950E-1054B1AF6CBD}
BlackICE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76542EE3-5849-11D2-9C18-00609707C0FF}\Setup.exe" -l0x9
BoxWorld --> C:\WINDOWS\bxpda10_uninstall.exe c:\Program Files\BoxWorld\
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Burn4Free CD and DVD --> "D:\Program Files\Burn4Free\uninstall.exe"
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Chipamp --> D:\Program Files\Winamp\uninstall_chipamp.exe
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Crimson Editor (remove only) --> D:\Program Files\Crimson Editor\uninstall.exe
CureROM Pro 2.0.3 --> D:\Program Files\CureROM\uninst.exe
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
EVEREST Home Edition v2.20 --> "D:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
Exact Audio Copy 0.95b4 --> D:\Program Files\Exact Audio Copy\uninst.exe
Ext2 IFS 1.10b for Windows XP --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
FileAlyzer 1.4 --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
freeFTPd 1.0.10 --> "D:\Program Files\freeFTPd\unins000.exe"
GameOfLife --> D:\Program Files\Microsoft ActiveSync\GameOfLife\Uninstall.exe GameOfLife
Gnumeric Spreadsheet (With Gtk+ 2.10.11) 1.7.10-win32-1 --> D:\Program Files\Gnumeric\uninst.exe
GSview 4.8 --> D:\Program Files\Ghostgum\gsview\uninstgs.exe "D:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.8.9 runtime environment --> "D:\Program Files\Common Files\GTK\2.0\unins000.exe"
Guild Wars --> "D:\Program Files\Guild Wars\Gw.exe" -uninstall
Gunbound Revolution --> "d:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HammerSnipe PowerTool --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\HammerSnipe PowerTool\ST6UNST.LOG"
HammerSnipe PowerTool (D:\Program Files\HammerSnipe PowerTool\) --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\HammerSnipe PowerTool\ST6UNST.000"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll"
Inkscape 0.43 --> "D:\Program Files\Inkscape\uninst.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iSafer --> D:\Program Files\iSafer\UNWISE.EXE D:\Program Files\iSafer\INSTALL.LOG
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java™ SE Development Kit 6 Update 1 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kyocera High-Speed Wireless Modem Drivers --> C:\WINDOWS\system32\kwcxunin2k.exe C:\WINDOWS\system32\kwcxunin.u2k
Kyocera USB Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{461D92DA-0B8C-496B-B6AA-BD0614BE0867}
Lemmings Revolution --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Lemmings Revolution\Lemmings Revolution.isu"
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LNZ Pro --> "D:\Program Files\Sherlock Software\LNZ Pro\unins000.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MagicDisc 2.5.74 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Mathematica 5.2 for Students --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FC10C290-6E4D-4C6B-A8B3-33700C21F9E6}
Mental Motions Pencil Box --> "C:\WINDOWS\psuninst2.exe" "D:\Program Files\Microsoft ActiveSync\Pencil Box\uninst.dat"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (AUTODESKVAULT) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Microsoft XNA Framework --> MsiExec.exe /I{E7A2604C-0131-4415-9D0A-717E1BB1EDD2}
Minimo --> D:\Program Files\Microsoft ActiveSync\Minimo\Uninstall.exe Minimo
mIRC --> "D:\old F drive\Program Files\mIRC\mirc.exe" -uninstall
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.5 (en-US)"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
myFairTunes6 v.0.5.7b --> "D:\Program Files\myFairTunes6\unins000.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NetAlyzer 0.3 --> "C:\Program Files\PepiMK Software\NetAlyzer\unins000.exe"
NetBeans IDE 6.0 Build 200706230000 --> "D:\Program Files\NetBeans 6.0 200706230000\uninstall.exe"
No-IP.com DUC (remove only) --> "D:\Program Files\No-IP\DUC20.exe" -uninstall
NX 3 --> MsiExec.exe /I{9D180A76-C05F-4064-94B1-069E6EEEA5EF}
NX 3 FLEXlm --> MsiExec.exe /X{440701AA-4602-409C-8CC3-5BB9D2F11A91}
PCSpim --> MsiExec.exe /I{75DE1CEC-63C5-48F7-8742-C7FC41E08F6B}
Petz 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\Ubi Soft\Studio Mythos\Petz 5\Uninst\setup.exe" -l0x9
Philips TV7131 WDM Video Capture --> C:\WINDOWS\p3xunist.exe
PHP 5.1.2 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PHP DESIGNER 2006 4.06 --> D:\Program Files\PHP DESIGNER 2006\uninst.exe
Pocket PC Connection Wizard --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Microsoft ActiveSync\cmdtwiz.isu"
Python 2.3.4 --> D:\Python23\UNWISE.EXE D:\Python23\INSTALL.LOG
Quick TV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546524F3-2728-4AEE-92EB-0352DAFDBFBD}\setup.exe" -l0x9
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Raptor Shareware --> "D:\Program Files\Raptor_Shareware\unins000.exe"
RegAlyzer 1.4 --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Roguescanfix 1.5 --> "C:\Program Files\Roguescanfix\unins000.exe"
Runtime Files Pack 3 --> C:\WINDOWS\ST4UNST.EXE -n "C:\WINDOWS\system32\ST4UNST.000"
Shareaza version 2.2.1.0 --> "D:\Program Files\Shareaza\Uninstall\unins000.exe"
SHOUTcast DNAS (remove only) --> "D:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only) --> D:\Program Files\Winamp\uninst-dsp.exe
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "D:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
StatPac for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D676FA0-1FC2-11D5-86FA-00207816A2E0}\Setup.exe" -l0x9
Stickies 5.2a --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 5.2a
Streamripper Plugin 1.62.1 (Remove only) --> D:\Program Files\Winamp\streamripper_uninstall.exe
System Scheduler 3.53 --> "D:\Program Files\SystemScheduler\unins000.exe"
Terminator TV7131 Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\Setup.exe" -l0x9 -uninst
Terragen --> MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
The GIMP 2.2.10 --> "D:\Program Files\GIMP-2.0\unins000.exe"
The Neverhood --> D:\Program Files\DreamWorks Interactive\Neverhood\setup95.exe /uninstall
TightVNC 1.2.9 --> "C:\Program Files\TightVNC\unins000.exe"
TrueDownloader 0.82 --> "D:\Program Files\TrueDownloader\unins000.exe"
VideoLAN VLC media player 0.8.5 --> D:\Program Files\VideoLAN\VLC\uninstall.exe
VIDEOzilla 2.0 --> "D:\Program Files\VIDEOzilla\unins000.exe"
Visual Basic 4 Runtime Files --> C:\WINDOWS\ST4UNST.EXE -n "C:\WINDOWS\system32\ST4UNST.LOG"
VMware Server Installer --> MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
Wallpaper Switcher .NET --> D:\Program Files\Wallpaper Switcher .NET\uninstall.exe
WallpaperSpinner --> "D:\Program Files\DownloadGrid.com\WallpaperSpinner\unins000.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfram Notebook Indexer 1.1 --> MsiExec.exe /I{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
X-Chat 2 (remove only) --> "D:\Program Files\xchat\uninstall.exe"
XBCD 1.07 --> D:\Program Files\XBCD\uninst.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event ID #1358: Error
Event Submitted/Written: 08/08/2007 05:55:58 PM
Event Source: Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.0.0.456, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1357: Error
Event Submitted/Written: 08/08/2007 02:21:28 PM
Event Source: ESENT
Event Description:
wuauclt (2168) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event ID #1356: Error
Event Submitted/Written: 08/08/2007 02:21:28 PM
Event Source: ESENT
Event Description:
wuauclt (2176) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event ID #1355: Error
Event Submitted/Written: 08/08/2007 02:21:27 PM
Event Source: ESENT
Event Description:
wuauclt (1548) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event ID #1354: Error
Event Submitted/Written: 08/08/2007 02:21:27 PM
Event Source: ESENT
Event Description:
wuauclt (2708) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #14993: Error
Event Submitted/Written: 08/08/2007 08:42:07 AM
Event Source: Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event ID #14992: Error
Event Submitted/Written: 08/08/2007 08:42:06 AM
Event Source: Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event ID #14991: Error
Event Submitted/Written: 08/08/2007 08:21:26 AM
Event Source: Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event ID #14990: Error
Event Submitted/Written: 08/08/2007 08:21:25 AM
Event Source: Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event ID #14989: Error
Event Submitted/Written: 08/07/2007 08:42:41 AM
Event Source: Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:57:59 ---------

#5 Rorschach


Posted 11 August 2007 - 08:27 AM

Hello Belkorin

C: is Fixed (NTFS) - 5 GiB total, 0.1 GiB free.

Having such a low amount of space free is a bad idea, and can lead to many problems. I recommend that you get a new hard drive. You can also free up some space by disabling System Restore; however, be careful doing this if you ever need to restore your PC to a previous state.


Could you please tell me about these files

C:\WINDOWS\Tasks\New Task.job
C:\WINDOWS\Tasks\shutdown.job




Do these entries look familiar to you?

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
AutoRun\command- Y:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\autoplay.exe


So please answer my questions in your next post, and say how your PC is running and if you are having any problems.

#6 Belkorin


Posted 11 August 2007 - 01:19 PM

The low amount of free space is the problem. Windows is deliberately on a small partition of my hard drive so that I have a large data partition in case I need to totally nuke Windows. There should be approximately 1 GB free on the 5 GB partition, but no matter how much I delete from it, it keeps filling up.

The two tasks are tasks that I created. One to use the computer as an alarm clock, and the other to shut the computer down at a particular time.

The autorun registry entries are for some virtual drives that I have mounted.

Edited by Belkorin, 11 August 2007 - 01:26 PM.


#7 Rorschach


Posted 11 August 2007 - 02:25 PM

Hello Belkorin

Please do the following:


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
So in your next reply please post the following: the GMER results and the Kaspersky Webscanner report.

#8 Belkorin


Posted 17 August 2007 - 04:48 PM

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-17 17:47:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F670362C 5 Bytes JMP 865AE4D8
? System32\Drivers\amukpl14.SYS The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7436AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7436BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7436B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7437728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74375FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7449C5A] sptd.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1139115820\ee\aolsoftware.exe[2344] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!RegQueryValueExA] [00FE77CC] c:\program files\common files\aol\1139115820\ee\services\imApp\ver1_3_30\imAppService.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT c:\program files\common files\aol\1139115820\ee\aim6.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D11E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D11E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7B4C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7B4C404] avg7rsw.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7BAC85A] avgtdi.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 864707C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867651E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867651E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 864707C0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8644D1E8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 8644D1E8
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CREATE 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CLOSE 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_POWER 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 864707C0
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_PNP 864707C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7BAC85A] avgtdi.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_CREATE [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_CREATE_NAMED_PIPE [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_CLOSE [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_READ [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_WRITE [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_QUERY_INFORMATION [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SET_INFORMATION [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_QUERY_EA [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SET_EA [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_FLUSH_BUFFERS [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_QUERY_VOLUME_INFORMATION [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SET_VOLUME_INFORMATION [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_DIRECTORY_CONTROL [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_FILE_SYSTEM_CONTROL [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_DEVICE_CONTROL [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SHUTDOWN [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_LOCK_CONTROL [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_CLEANUP [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_CREATE_MAILSLOT [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_QUERY_SECURITY [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SET_SECURITY [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_POWER [F7444DB8] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SYSTEM_CONTROL [F745F344] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_DEVICE_CHANGE [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_QUERY_QUOTA [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_SET_QUOTA [F7462F18] sptd.sys
Device \Driver\PCI_NTPNP6638 \Device\00000057 IRP_MJ_PNP [F74602D0] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D31E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86607708
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867D31E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86607708
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_PNP 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_CREATE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_CLOSE 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_POWER 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_SYSTEM_CONTROL 867D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_PNP 867D21E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 867D31E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 86607708
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 867D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 867D31E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 86607708
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86607708

---- Files - GMER 1.0.13 ----

File D:\music\OCRemix\Kirby\Kirby_Superstar_GreenGreens(ContagiousEyeInfection)_OC_ReMix.mp3
File D:\music\OCRemix\Kirby\Kirby_Superstar_Victory_Festival_OC_ReMix.mp3

---- EOF - GMER 1.0.13 ----

#9 Rorschach


Posted 18 August 2007 - 01:35 PM

Please post the Kaspersky Webscanner report as well.

#10 Belkorin


Posted 23 August 2007 - 07:51 PM

KASPERSKY ONLINE SCANNER REPORT
Thursday, August 23, 2007 8:48:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 387267
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
X:\
Y:\
Z:\
Scan Statistics
Total number of scanned objects 227087
Number of viruses found 4
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 00:54:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\cert8.db Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\history.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\key3.db Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\parent.lock Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Belkorin\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\urlclassifier2.sqlite-journal Object is locked skipped
C:\Documents and Settings\Belkorin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\AOL\UserProfiles\1139115820\belkorin\cls\common.cls Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Application Data\Mozilla\Firefox\Profiles\35xwlx5o.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\History\History.IE5\MSHist012007082120070822\index.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\History\History.IE5\MSHist012007082220070823\index.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temp\hsperfdata_Belkorin\2508 Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temp\hsperfdata_Belkorin\3700 Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temp\Perflib_Perfdata_944.dat Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temp\~DFF4C4.tmp Object is locked skipped
C:\Documents and Settings\Belkorin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Belkorin\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped
C:\Documents and Settings\Belkorin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Belkorin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

#11 Rorschach


Posted 24 August 2007 - 03:43 AM

Hello Belkorin, it seems some of the report got cut off. Could you post all of it? Split it into two posts if you have to.

#12 Belkorin


Posted 24 August 2007 - 11:59 AM

Nope, that's all there is in the file.

#13 Belkorin


Posted 26 August 2007 - 02:40 PM

If it helps, one of the things that is devouring my hard drive space is in C:\windows\temp\. It's a pile of files with names like $77D349A7.t$m. There are a ton of them that are 0kb in size, one that's about 5000kb in size, and one that's about 376000kb in size, and no matter how many times I delete them, after a short while, they come back.

#14 Rorschach


Posted 27 August 2007 - 08:21 AM

Hello Belkorin

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


#15 Rorschach


Posted 21 September 2007 - 01:37 PM

This thread is considered stale and has been closed.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.



