College Student In Need Of Help With Faulty Computer


7 replies to this topic

#1 Darkstar765


Posted 08 August 2007 - 01:46 PM

Hey Team, I am in desperate need of help. I'm attending Cal Poly San Luis Obispo and my computer has been freezing nonstop and I can't believe it is even lasting this long. I can't get any of my work done. It will freeze and still have the background but none of the desktop icons will be gone and it forces me to restart my computer. I can't afford to take it anywhere; I will gladly make a 5 dollar donation as soon as someone helps me with my problem. Please someone help me. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:32 AM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [{5B-BA-A6-64-ZN}] C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Jerome Carollo\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159125170812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162335159015
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8492 bytes


#2 Darkstar765


Posted 09 August 2007 - 11:45 PM

Why is no one helping me?!?!!? Can you PLEASE tell me what I have to do...thanks in advance for your consideration.

#3 Rorschach


Posted 17 August 2007 - 08:46 AM

Hello Darkstar765, sorry for the delay. I'm just looking over your log and will get back to you soon.

#4 Rorschach


Posted 18 August 2007 - 11:25 AM

Hello Darkstar765, my name is Rorschach and I'll be helping you with your problems.


Please disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.

To disable SpySweeper:

Open it, click > Options over to the left then > Program Options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".



1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [{5B-BA-A6-64-ZN}] C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Jerome Carollo\Local Settings\Temp\thinksnet.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

3. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files in bold (if present):

C:\Documents and Settings\Jerome Carollo\Local Settings\Temp\thinksnet.exe



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So in your next reply I need to see the following: the two DSS texts in full, the GMER results, the Kaspersky WebScanner report, and tell me how your PC is running now and if you had any problems.

#5 Darkstar765


Posted 18 August 2007 - 10:07 PM

Thank you very much for helping me. I notice a little difference in my performance, but I keep getting this trojan.Vundo pop-up from my Symantec scanner. Filename pmnljhh.dll. Also, what virus protection software do you recommend? And thank you again for your help.

Deckard's System Scanner v20070809.63
Run by Jerome Carollo on 2007-08-18 at 14:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2007-08-18 21:00:27 UTC - RP294 - Deckard's System Scanner Restore Point
61: 2007-08-18 06:10:00 UTC - RP293 - System Checkpoint
60: 2007-08-15 19:52:42 UTC - RP292 - System Checkpoint
59: 2007-08-14 19:00:43 UTC - RP291 - Software Distribution Service 3.0
58: 2007-08-14 00:04:11 UTC - RP290 - System Checkpoint


-- First Restore Point --
1: 2007-05-21 05:41:44 UTC - RP233 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.42 GiB (less than 15%) free.


-- HijackThis (run as Jerome Carollo.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:20 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Jerome Carollo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jerome Carollo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159125170812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162335159015
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8946 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070818-135429-382 O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Jerome Carollo\Local Settings\Temp\thinksnet.exe
backup-20070818-135429-465 O4 - HKLM\..\Run: [{5B-BA-A6-64-ZN}] C:\DOCUME~1\JEROME~1\LOCALS~1\Temp\thinksnet.exe CHD003

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-18 13:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-18 and 2007-08-18 -----------------------------

2007-08-08 12:22:12 34482 --ahs---- C:\WINDOWS\system32\adeeg.ini2
2007-08-08 11:44:12 0 d-------- C:\Program Files\Trend Micro
2007-08-08 01:12:00 6421 --ahs---- C:\WINDOWS\system32\adeeg.bak1
2007-08-08 01:10:05 0 --a------ C:\WINDOWS\system32\pmnljhh.dll
2007-08-08 01:06:43 0 d-------- C:\WINDOWS\system32\Z2
2007-08-08 01:06:43 0 d-------- C:\WINDOWS\system32\Z1
2007-08-08 01:06:43 0 d-------- C:\WINDOWS\system32\driver
2007-08-08 01:06:43 0 d-------- C:\WINDOWS\system32\A1
2007-08-08 01:06:36 0 d-------- C:\WINDOWS\system32\f02WtR
2007-08-01 15:45:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-01 15:45:33 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-08-01 15:37:24 5936 --a------ C:\Documents and Settings\Jerome Carollo\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-08-01 15:37:24 79328 --a------ C:\Documents and Settings\Jerome Carollo\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-08-01 15:37:23 92064 --a------ C:\Documents and Settings\Jerome Carollo\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-08-01 15:37:23 9232 --a------ C:\Documents and Settings\Jerome Carollo\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-08-01 15:37:23 4048 --a------ C:\Documents and Settings\Jerome Carollo\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-08-01 15:37:23 6208 --a------ C:\Documents and Settings\Jerome Carollo\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-08-01 15:37:22 66656 --a------ C:\Documents and Settings\Jerome Carollo\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-08-01 15:37:06 9232 --a------ C:\Documents and Settings\Jerome Carollo\1186007826-(null)
2007-08-01 15:37:06 5813 --a------ C:\Documents and Settings\Jerome Carollo\1186007825-(null)
2007-08-01 15:37:04 5877 --a------ C:\Documents and Settings\Jerome Carollo\1186007824-(null)
2007-08-01 15:37:04 6947 --a------ C:\Documents and Settings\Jerome Carollo\1186007822-(null)


-- Find3M Report ---------------------------------------------------------------

2007-08-18 00:39:46 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\dvdcss
2007-08-18 00:39:30 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\foobar2000
2007-08-17 22:52:43 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-17 22:52:31 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2007-08-17 22:52:29 35840 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-08-14 12:14:03 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2007-08-13 16:03:08 0 d-------- C:\Program Files\Ares
2007-08-11 00:36:02 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\Uniblue
2007-08-09 16:43:18 32256 --a------ C:\WINDOWS\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>
2007-08-04 17:50:07 3770 --a------ C:\WINDOWS\mozver.dat
2007-08-04 17:50:05 0 d-------- C:\Program Files\DivX
2007-08-04 02:00:57 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\Vso
2007-08-01 15:46:54 0 d-------- C:\Program Files\Motorola Phone Tools
2007-08-01 15:45:33 0 d-------- C:\Program Files\Common Files
2007-08-01 15:39:19 0 d-------- C:\Program Files\Avanquest update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 04:13 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 12:59 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:58 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 06:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/06/2004 11:01 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 01:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 01:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 01:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 05:14 PM]
"USB Storage Toolbox"="C:\Program Files\USBToolbox\Res.EXE" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/08/2007 06:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/21/2006 12:32:47 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/8/2007 6:09:06 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [9/13/2006 7:18:36 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 02:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jerome Carollo^Start Menu^Programs^Startup^WASTE.lnk]
path=C:\Documents and Settings\Jerome Carollo\Start Menu\Programs\Startup\WASTE.lnk
backup=C:\WINDOWS\pss\WASTE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
"C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2938a636-782e-11db-ad5c-00166f955185}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9586ec01-f204-11db-adf0-00166f955185}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - ERASERUTILDRVI3



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***

150 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-08-18 at 14:03:39 ---------

Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1015.36 MiB / 554.16 MiB
Pagefile Memory (total/avail): 2445.36 MiB / 2072.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1964.7 MiB

C: is Fixed (NTFS) - 74.47 GiB total, 10.42 GiB free.
E: is Fixed (FAT32) - 232.83 GiB total, 41.72 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ctmweb.exe"="C:\\WINDOWS\\system32\\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ctmweb.exe"="C:\\WINDOWS\\system32\\ctmweb.exe:*:Enabled:ctmweb.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1159221522\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1159221522\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1159221522\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1159221522\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Jerome Carollo\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Jerome Carollo\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\WASTE\\WASTE.exe"="C:\\Program Files\\WASTE\\WASTE.exe:*:Enabled:Waste Secure Network"
"C:\\Documents and Settings\\Jerome Carollo\\My Documents\\application\\WASTE\\WASTE.exe"="C:\\Documents and Settings\\Jerome Carollo\\My Documents\\application\\WASTE\\WASTE.exe:*:Enabled:Waste Secure Network"
"C:\\Documents and Settings\\Jerome Carollo\\My Documents\\application\\WASTE\\WAb3STE.exe"="C:\\Documents and Settings\\Jerome Carollo\\My Documents\\application\\WASTE\\WAb3STE.exe:*:Enabled:Waste Secure Network"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jerome Carollo\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D733H6B1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jerome Carollo
LOGONSERVER=\\D733H6B1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JEROME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JEROME~1\LOCALS~1\Temp
USERDOMAIN=D733H6B1
USERNAME=Jerome Carollo
USERPROFILE=C:\Documents and Settings\Jerome Carollo
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jerome Carollo (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon i850 --> C:\WINDOWS\system32\CNMCP4b.exe "-PRINTERNAMECanon i850" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmi0409.dll"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Cisco Clean Access Agent --> MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
ConvertXtoDVD 2.1.7.188 Registered --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Cucusoft DVD to iPod + iPod Video Converter Suite 5.6.3.16 Beta --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
foobar2000 v0.9.4.3 --> "C:\Program Files\foobar2000\uninstall.exe"
Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
K-Lite Codec Pack 2.73 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Pod+Rescue for Windows v1.0 --> "C:\Program Files\Pod+Rescue for Windows\unins000.exe"
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
ResNet Root Certificate Wizard --> C:\Program Files\ResNet\rncainst\uninst.exe
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
USB Mass Storage Toolbox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 0.91 --> C:\Program Files\VideoraiPodConverter\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event ID #5789: Error
Event Submitted/Written: 08/18/2007 00:15:02 PM
Event Source: Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Event ID #5787: Error
Event Submitted/Written: 08/17/2007 11:58:23 PM
Event Source: Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Event ID #5783: Warning
Event Submitted/Written: 08/17/2007 10:52:43 PM
Event Source: Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event ID #5782: Warning
Event Submitted/Written: 08/17/2007 10:52:43 PM
Event Source: Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event ID #5781: Warning
Event Submitted/Written: 08/17/2007 10:52:43 PM
Event Source: Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #27504: Error
Event Submitted/Written: 08/18/2007 01:09:01 PM
Event Source: SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Event ID #27503: Error
Event Submitted/Written: 08/18/2007 01:09:01 PM
Event Source: SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Event ID #27502: Error
Event Submitted/Written: 08/18/2007 01:09:01 PM
Event Source: SideBySide
Event Description:
Syntax error in manifest or policy file "assemblyIdentity1" on line assemblyIdentity2.
The required attribute version is missing from element assemblyIdentity.

Event ID #27501: Error
Event Submitted/Written: 08/18/2007 01:09:01 PM
Event Source: SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Event ID #27500: Error
Event Submitted/Written: 08/18/2007 01:09:01 PM
Event Source: SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.



-- End of Deckard's System Scanner: finished at 2007-08-18 at 14:03:39 ---------

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-18 18:25:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 86232BB8 ZwAlertResumeThread
SSDT 86316130 ZwAlertThread
SSDT 861B63D8 ZwAllocateVirtualMemory
SSDT 86353080 ZwCreateKey
SSDT 861ED488 ZwCreateMutant
SSDT 863658C8 ZwCreateProcess
SSDT 863D28C8 ZwCreateProcessEx
SSDT 85EAF838 ZwCreateThread
SSDT 86315EE8 ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 8621C1D0 ZwFreeVirtualMemory
SSDT 861F5EB0 ZwImpersonateAnonymousToken
SSDT 862048A0 ZwImpersonateThread
SSDT 86333008 ZwMapViewOfSection
SSDT 861E9888 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT 8621E288 ZwOpenProcessToken
SSDT 86222588 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT 8611CB68 ZwQueryValueKey
SSDT 86315180 ZwQueueApcThread
SSDT 862DC528 ZwReadVirtualMemory
SSDT 863D7C38 ZwRenameKey
SSDT 860DCF30 ZwResumeThread
SSDT 862225C0 ZwSetContextThread
SSDT 863AB188 ZwSetInformationKey
SSDT 86222550 ZwSetInformationProcess
SSDT 86223300 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 8620D718 ZwSuspendProcess
SSDT 8622CB08 ZwSuspendThread
SSDT 860BFB18 ZwTerminateProcess
SSDT 86290C40 ZwTerminateThread
SSDT 8621E360 ZwUnmapViewOfSection
SSDT 86313670 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F68C662C 5 Bytes JMP 863651B8

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[724] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ DB, E7, C3, 83 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A0297 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0218 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A025C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A01A4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A01DE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A02D2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1764] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F3164E C:\WINDOWS\system32\IEFRAME.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F74F3580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74F352C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750DAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F74F3580] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DFABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DFC00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DFB82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E072E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E0604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74F2B9A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 862DC438
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 862DC438
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 862DC438
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 862DC438
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 862DC438
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 862DC4B0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 862DC438

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1508] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1508] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 863661D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 863661D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85F746D8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85F746D8

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F75F8E9A] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F73D21DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F73D21DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F73D2454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F73D21DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F73C5F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F73C5F4C] fltMgr.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [AA344701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [AA344701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [AA344701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [AA344701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [AA344701] tfsnifs.sys

---- Files - GMER 1.0.13 ----

ADS C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP238\A0038538.exe:BAK
ADS C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP260\A0042631.exe:BAK
ADS C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP262\A0045708.exe:BAK
ADS C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0052768.exe:BAK
ADS C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP291\A0052877.exe:BAK

---- EOF - GMER 1.0.13 ----
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 18, 2007 8:00:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/08/2007
Kaspersky Anti-Virus database records: 385010
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 78961
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:19:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05E80000\47EF5EB5.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0001\4EFD79A8.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0001\4EFD79A8.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0001\4EFD79A8.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0002\4EFD79B1.VBN Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0003\4EFD79BA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0004\4EFD79C4.VBN Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000\4EFE60D8.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

Scan process completed.

#6 Rorschach

Posted 19 August 2007 - 02:05 PM

Hello Darkstar765

Also, what virus protection software do you recommend?

Well, Symantec seems to have done a decent job for you, as you aren't too badly infected. I usually recommend AVG, AntiVir, or Avast! to people. However, you can't have more than one anti-virus running, as it will lead to problems.


Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\adeeg.ini2
    C:\WINDOWS\system32\adeeg.bak1
    C:\WINDOWS\system32\pmnljhh.dll
    C:\WINDOWS\system32\Z2
    C:\WINDOWS\system32\Z1
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\A1
    C:\WINDOWS\system32\f02WtR


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

I see you have Viewpoint Manager installed on your PC

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

So in your next reply, please post the following: the OTMoveIt results, the Dr.Web CureIt report, a new DSS log, and tell me how your PC is running now and if you had any problems.
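For anyone reviewing the DrWeb.csv report requested above, the following added example (not part of the original post, and not a Dr.Web or OTMoveIt tool) separates detections in live folders from copies held inside System Restore snapshots. The field order (file; folder; detection; action), the reading of the "Probably" prefix as a heuristic verdict, and the "Skipped." action are assumptions, and every sample row is constructed.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in the assumed shape "file;folder;detection;action;".
# File names, the all-zero GUID, detection names and "Skipped." are placeholders.
SAMPLE_REPORT = r"""
svc_a.exe;c:\windows\system32;Probably EXAMPLE.Trojan;Incurable.Deleted.;
A0000001.dll;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001;Probably EXAMPLE.Trojan;Deleted.;
A0000002.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001;Trojan.Example.1;Deleted.;
A0000003.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002;Trojan.Example.1;Deleted.;
setup_x.exe;C:\Documents and Settings\All Users\Application Data\Downloads;Probably EXAMPLE.Backdoor;Skipped.;
svc_a.dll;C:\WINDOWS\system32;Trojan.Example.1;Deleted.;
"""

# Windows XP keeps System Restore snapshots under
# <drive>\System Volume Information\_restore{GUID}\RPnnn
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)$",
    re.IGNORECASE,
)


def parse_report(text):
    """Parse semicolon-separated report lines into dicts, skipping malformed rows."""
    rows = []
    for record in csv.reader(io.StringIO(text), delimiter=";"):
        fields = [f.strip() for f in record]
        if len(fields) < 4 or not fields[0]:
            continue  # blank line, header fragment or truncated row
        name, folder, detection, action = fields[:4]
        match = RESTORE_RE.search(folder.rstrip("\\"))
        rows.append({
            "file": name,
            "folder": folder,
            "detection": detection,
            "action": action,
            # Snapshot copies are not running, but come back if that
            # restore point is ever used.
            "restore_point": match.group(1).upper() if match else None,
            # Assumption: a "Probably ..." name is a heuristic verdict.
            "heuristic": detection.lower().startswith("probably"),
            # Assumption: only actions containing "Deleted" count as removed.
            "removed": "deleted" in action.lower(),
        })
    return rows


def summarize(rows):
    """Split the report into what a reviewer has to look at first."""
    return {
        "total": len(rows),
        # Detections outside restore points: files that were on the live system.
        "live": [r["file"] for r in rows if r["restore_point"] is None],
        # How many flagged copies each restore point carried.
        "restore_points": Counter(
            r["restore_point"] for r in rows if r["restore_point"]
        ),
        # Heuristic hits deserve a second opinion before being trusted.
        "heuristic": sum(r["heuristic"] for r in rows),
        # Anything the scanner did not delete still needs handling.
        "follow_up": [r["file"] for r in rows if not r["removed"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```
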

#7 Darkstar765

Posted 19 August 2007 - 08:43 PM

My computer seems to be getting better slowly but surely. Here is what you asked for sir. Thank you.


C:\WINDOWS\system32\adeeg.ini2 moved successfully.
C:\WINDOWS\system32\adeeg.bak1 moved successfully.
File/Folder C:\WINDOWS\system32\pmnljhh.dll not found.
C:\WINDOWS\system32\Z2 moved successfully.
C:\WINDOWS\system32\Z1 moved successfully.
C:\WINDOWS\system32\driver moved successfully.
C:\WINDOWS\system32\A1 moved successfully.
C:\WINDOWS\system32\f02WtR moved successfully.

Created on 08/19/2007 16:53:43

rpcnet.exe;c:\windows\system32;Probably DLOADER.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Deleted.;
rpcnet.dll;C:\WINDOWS\system32;Probably DLOADER.Trojan;Deleted.;
rpcnetp.dll;C:\WINDOWS\system32;Trojan.DownLoader.20856;Deleted.;
rpcnetp.exe;C:\WINDOWS\system32;Trojan.DownLoader.20856;Deleted.;

Deckard's System Scanner v20070809.63
Run by Jerome Carollo on 2007-08-19 at 18:39:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 10.35 GiB (less than 15%) free.


-- HijackThis (run as Jerome Carollo.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:04 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jerome Carollo\Desktop\Bleeping Comp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEROME~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159125170812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162335159015
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9081 bytes

-- Files created between 2007-07-19 and 2007-08-19 -----------------------------

2007-08-19 16:58:30 0 d-------- C:\Documents and Settings\Jerome Carollo\DoctorWeb
2007-08-18 18:16:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-18 18:16:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-08 11:44:12 0 d-------- C:\Program Files\Trend Micro
2007-08-01 15:45:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-01 15:45:33 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-08-01 15:37:24 5936 --a------ C:\Documents and Settings\Jerome Carollo\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-08-01 15:37:24 79328 --a------ C:\Documents and Settings\Jerome Carollo\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-08-01 15:37:23 92064 --a------ C:\Documents and Settings\Jerome Carollo\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-08-01 15:37:23 9232 --a------ C:\Documents and Settings\Jerome Carollo\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-08-01 15:37:23 4048 --a------ C:\Documents and Settings\Jerome Carollo\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-08-01 15:37:23 6208 --a------ C:\Documents and Settings\Jerome Carollo\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-08-01 15:37:22 66656 --a------ C:\Documents and Settings\Jerome Carollo\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-08-01 15:37:06 9232 --a------ C:\Documents and Settings\Jerome Carollo\1186007826-(null)
2007-08-01 15:37:06 5813 --a------ C:\Documents and Settings\Jerome Carollo\1186007825-(null)
2007-08-01 15:37:04 5877 --a------ C:\Documents and Settings\Jerome Carollo\1186007824-(null)
2007-08-01 15:37:04 6947 --a------ C:\Documents and Settings\Jerome Carollo\1186007822-(null)


-- Find3M Report ---------------------------------------------------------------

2007-08-19 18:26:00 0 d-------- C:\Program Files\Viewpoint
2007-08-19 15:43:00 0 d-------- C:\Program Files\Symantec AntiVirus
2007-08-18 00:39:46 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\dvdcss
2007-08-18 00:39:30 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\foobar2000
2007-08-13 16:03:08 0 d-------- C:\Program Files\Ares
2007-08-11 00:36:02 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\Uniblue
2007-08-09 16:43:18 32256 --a------ C:\WINDOWS\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>
2007-08-04 17:50:07 3770 --a------ C:\WINDOWS\mozver.dat
2007-08-04 17:50:05 0 d-------- C:\Program Files\DivX
2007-08-04 02:00:57 0 d-------- C:\Documents and Settings\Jerome Carollo\Application Data\Vso
2007-08-01 15:46:54 0 d-------- C:\Program Files\Motorola Phone Tools
2007-08-01 15:45:33 0 d-------- C:\Program Files\Common Files
2007-08-01 15:39:19 0 d-------- C:\Program Files\Avanquest update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 04:13 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 12:59 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:58 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 06:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/06/2004 11:01 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 01:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 01:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 01:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 05:14 PM]
"USB Storage Toolbox"="C:\Program Files\USBToolbox\Res.EXE" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/08/2007 06:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/21/2006 12:32:47 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/8/2007 6:09:06 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [9/13/2006 7:18:36 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 02:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jerome Carollo^Start Menu^Programs^Startup^WASTE.lnk]
path=C:\Documents and Settings\Jerome Carollo\Start Menu\Programs\Startup\WASTE.lnk
backup=C:\WINDOWS\pss\WASTE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
"C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2938a636-782e-11db-ad5c-00166f955185}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9586ec01-f204-11db-adf0-00166f955185}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-08-19 at 18:40:29 ---------

#8 Rorschach

Posted 21 August 2007 - 09:15 AM

Hello Darkstar765, your logs are looking good! We need to do a few little things now.


Some clean up:

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot. Then you can delete OTMoveIt.exe and the folder C:\_OTMoveIt



To re-enable SpySweeper:

Open it, click > Options over to the left then > Program Options > Check "load at windows startup".
Over to the left click "shields" and check all there.
Check "home page shield".
Check "automatically restore default without notification".



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates available installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
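The reply above asks for Java and Adobe Reader to be updated; the sketch below, an added example that is not part of the original posts, shows how those installed versions can be read out of a HijackThis log. The sample lines are copied from the log in this thread, and the function names and section descriptions are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Short descriptions (this example's wording) of the section codes in the sample.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O20": "AppInit_DLLs value",
    "O23": "Windows service",
}

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Version-bearing install directories for the two products the reply asks to update.
PRODUCT_RES = {
    "Java": re.compile(r"\\Java\\(?:j2re|jre|jdk)([\d._]+)\\", re.I),
    "Adobe Reader": re.compile(r"\\Adobe\\Acrobat (\d+(?:\.\d+)*)\\", re.I),
}


def parse_entries(log_text):
    """Group log lines by section code; lines that are not entries are skipped."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            grouped[m.group(1)].append(m.group(2))
    return dict(grouped)


def installed_versions(grouped):
    """Return {product: sorted versions} found in any entry's file path."""
    found = defaultdict(set)
    for bodies in grouped.values():
        for body in bodies:
            for product, rx in PRODUCT_RES.items():
                for version in rx.findall(body):
                    found[product].add(version)
    return {product: sorted(versions) for product, versions in found.items()}


if __name__ == "__main__":
    grouped = parse_entries(SAMPLE_LOG)
    for code, bodies in grouped.items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(bodies)} entries")
    for product, versions in installed_versions(grouped).items():
        print(f"{product}: {', '.join(versions)}")
```

The script only reports what the log shows; whether a reported version is out of date still has to be checked against the vendor's current release.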



