
Can't fix trojan horse and malware


15 replies to this topic

#1 jboyer08


Posted 27 August 2009 - 09:37 AM

The trojan horse and malware stop me from using programs that may help me fix this problem. I get random explorer advertisements and when I enter a website it jumps me to an advertisement page. Usually it is one telling me to buy antivirus software. On my toolbar I have a red circle with an X on it saying my computer is infected by spyware and Windows recommends I download their antispyware.

The dds program pops up and then before it can do anything it just disappears. When I run rootrepeal it will let me scan everything but the files section. If I run the files section rootrepeal disappears.

I can't reboot into safe mode at all. I get a blue screen with an error message on it. I was able to run an antivirus program and it came up with trojan horse Generic 14.ACVD, and Trojan horse spamBot.w. My virus scan information will be below.

I will attach my rootrepeal report that is missing the file section.

Thanks,
Jon

Scan "Scan whole computer" was finished.
Infections;"15";"13";"2"
Spyware;"2";"2";"0"
Warnings;"164"
Information;"4"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Wednesday, August 26, 2009, 11:22:22 AM"
Scan finished:;"Wednesday, August 26, 2009, 7:03:10 PM (7 hour(s) 40 minute(s) 48 second(s))"
Total object scanned:;"1210887"
User who launched the scan:;"Jon"

Infections
File;"Infection";"Result"
C:\Documents and Settings\Jon\Local Settings\Temp\killti.exe;"Trojan horse Generic12.BUXN";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Local Settings\Temp\Temporary Directory 3 for Nero Burning Rom 6.3.0.0 + Vision Express 2.2 + KeyGen + DVD-PlugIn.zip\Nero 63\Nero63_Keygen.exe;"Trojan horse Agent.AIIK";"Moved to Virus Vault"
C:\Documents and Settings\Jon\My Documents\Downloads\Nero Burning Rom 6.3.0.0 + Vision Express 2.2 + KeyGen + DVD-PlugIn.zip;"Trojan horse Agent.AIIK";"Infected"
C:\Documents and Settings\Jon\My Documents\Downloads\Nero Burning Rom 6.3.0.0 + Vision Express 2.2 + KeyGen + DVD-PlugIn.zip:\Nero 63\Nero63_Keygen.exe;"Trojan horse Agent.AIIK";"Infected"
C:\Documents and Settings\Jon\My Documents\Downloads\Nero Burning Rom 6.3.0.0 + Vision Express 2.2 + KeyGen + DVD-PlugIn\Nero 63\Nero63_Keygen.exe;"Trojan horse Agent.AIIK";"Moved to Virus Vault"
C:\kvhwftjn.exe;"Trojan horse SHeur2.AYCY";"Moved to Virus Vault"
C:\Program Files\Alcohol Soft\Alcohol 120\Activation Patch.exe;"Trojan horse Generic10.ATYN";"Moved to Virus Vault"
C:\Program Files\Alcohol Soft\Alcohol 120\blz-a120_1953823-patch.exe;"Trojan horse PSW.OnlineGames.FIY";"Moved to Virus Vault"
C:\Program Files\BitComet\Downloads\Alcohol 120% v1.9.5.3105 Retail\Activation Patch.exe;"Trojan horse Generic10.ATYN";"Moved to Virus Vault"
C:\Program Files\BitComet\Downloads\Alcohol 120% v1.9.5.3105 Retail\Alcohol 120% v1.9.5.3105 Retail With Full Activation Patch.zip;"Trojan horse Generic10.ATYN";"Moved to Virus Vault"
C:\Program Files\BitComet\Downloads\Alcohol 120% v1.9.5.3105 Retail\Alcohol 120% v1.9.5.3105 Retail With Full Activation Patch.zip:\Alcohol 120% v1.9.5.3105 Retail\Activation Patch.exe;"Trojan horse Generic10.ATYN";"Moved to Virus Vault"
C:\Program Files\BitComet\Downloads\Alcohol.120.v1.9.5.3823.Retail.Cracked\b-a1958\blz-a120_1953823-patch.exe;"Trojan horse PSW.OnlineGames.FIY";"Moved to Virus Vault"
C:\Program Files\BitComet\Downloads\FlashFXP_34_Setup_Cracked-TMD.exe;"Trojan horse Generic2.JIJ.dropper";"Moved to Virus Vault"
C:\Program Files\Microsoft AntiSpyware\Quarantine\A905EE24-F040-42B3-A112-F85333\1FC48AA2-FC01-4857-A51C-DCD730;"Trojan horse Downloader.Small.25.AI";"Moved to Virus Vault"
C:\Program Files\PC_Antispyware2010\wscui.cpl;"Trojan horse Generic14.PYB";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Documents and Settings\Jon\Local Settings\Temp\cmdinst.exe;"Adware Generic.RTQ";"Moved to Virus Vault"
C:\Program Files\Microsoft AntiSpyware\Quarantine\F86E1761-6E60-43B0-96C6-EC81C7\06973A30-E7F6-4FED-A064-A3ADBB;"Adware Generic2.OQO";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\yadro.ru.c77afad5;"Found Tracking cookie.Yadro";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\yieldmanager.com.795c98fe;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\yieldmanager.com.ce59db3e;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\zedo.com.775ee79c;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\zedo.com.ce59db3e;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\iukdl3n1.default\cookies.sqlite:\zedo.com.ff8ec9c0;"Found Tracking cookie.Zedo";"Potentially dangerous object"
C:\Documents and Settings\Jon\Cookies\jon@2o7[2].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@2o7[2].txt:\2o7.net.f0208b87;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.87a9ab5d;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b4be891c;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.44f92a69;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.557c9f74;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.775ee79c;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.7d3168b9;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@admarketplace[1].txt;"Found Tracking cookie.Admarketplace";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@admarketplace[1].txt:\admarketplace.net.61a250a;"Found Tracking cookie.Admarketplace";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adtech[1].txt;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@adtech[1].txt:\adtech.de.a9245469;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@advertising[2].txt;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@advertising[2].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@advertising[2].txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@advertising[2].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bluestreak[1].txt;"Found Tracking cookie.Bluestreak";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bluestreak[1].txt:\bluestreak.com.bf396750;"Found Tracking cookie.Bluestreak";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bluestreak[2].txt;"Found Tracking cookie.Bluestreak";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bluestreak[2].txt:\bluestreak.com.bf396750;"Found Tracking cookie.Bluestreak";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bs.serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@burstnet[1].txt;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@burstnet[1].txt:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@burstnet[1].txt:\burstnet.com.c4fe2ebb;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.12e6c053;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.1773afc;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.2d37ad26;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.350339d4;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.8c65eddd;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@casalemedia[2].txt:\casalemedia.com.987e6b46;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@enhance[1].txt;"Found Tracking cookie.Enhance";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@enhance[1].txt:\enhance.com.2ff9c31e;"Found Tracking cookie.Enhance";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@enhance[1].txt:\enhance.com.378d31e7;"Found Tracking cookie.Enhance";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@fastclick[1].txt:\fastclick.net.8dd1284a;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@fastclick[1].txt:\fastclick.net.9b41aa53;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@overture[1].txt;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@overture[1].txt:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@overture[1].txt:\overture.com.bbef524a;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@overture[1].txt:\overture.com.d727de6f;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@pro-market[2].txt;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@pro-market[2].txt:\pro-market.net.266912e2;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@pro-market[2].txt:\pro-market.net.679dd108;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@pro-market[2].txt:\pro-market.net.b51604f4;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@pro-market[2].txt:\pro-market.net.bbf67f2d;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[1].txt;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[1].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[1].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[1].txt:\questionmarket.com.767e4302;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@realmedia[1].txt;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@realmedia[1].txt:\realmedia.com.71465e38;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@realmedia[1].txt:\realmedia.com.855b46d;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@realmedia[1].txt:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@serving-sys[2].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@statse.webtrendslive[1].txt;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt:\trafficmp.com.37644bdb;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt:\trafficmp.com.ae53b8b;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt:\trafficmp.com.e2e71e33;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@trafficmp[1].txt:\trafficmp.com.f3e5803e;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@yadro[1].txt;"Found Tracking cookie.Yadro";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@yadro[1].txt:\yadro.ru.c77afad5;"Found Tracking cookie.Yadro";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.cef1c7af;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.dd15d628;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[2].txt:\zedo.com.f1d14556;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.14a38114;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.6a4b36ab;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.cef1c7af;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.dd15d628;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.f1d14556;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Cookies\jon@zedo[3].txt:\zedo.com.f462b69f;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Local Settings\Temp\4zr110ca.rar;"Archive bomb";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Local Settings\Temp\7zh920ka.rar;"Archive bomb";"Moved to Virus Vault"
C:\Documents and Settings\Jon\Local Settings\Temp\uwbpwrw3.rar;"Archive bomb";"Moved to Virus Vault"
HKCR\exefile\shell\open\command\\;"Found registry key with reference to file C:\WINDOWS\system32\desot.exe";"Healed"

Information
File;"Infection";"Result"
C:\Documents and Settings\Jon\Desktop\Unused Desktop Shortcuts\godfather.exe;"Runtime packed fsg";""
C:\Program Files\Electronic Arts\The Godfather The Game\New Folder\TheGodFatherTheGamev1.0NoDVDFixedexeEng.rar;"Runtime packed fsg";""
C:\Program Files\Electronic Arts\The Godfather The Game\New Folder\TheGodFatherTheGamev1.0NoDVDFixedexeEng.rar:\godfather.exe;"Runtime packed fsg";""
C:\Program Files\Electronic Arts\The Godfather The Game\New Folder\TheGodFatherTheGamev1.0NoDVDFixedexeEng\godfather.exe;"Runtime packed fsg";""



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 08:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7838000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 00000078
Image Path: \Driver\00000078
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA3D70000 Size: 479232 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0CD7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBA507000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xBA29F000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "a347bus.sys" at address 0xf74d4af8

#: 041 Function Name: NtCreateKey
Status: Hooked by "a347bus.sys" at address 0xf74d4ab0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "a347bus.sys" at address 0xf74c8b00

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x87baf109

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "a347bus.sys" at address 0xf74c9388

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "a347bus.sys" at address 0xf74d4bf0

#: 119 Function Name: NtOpenKey
Status: Hooked by "a347bus.sys" at address 0xf74d4a74

#: 160 Function Name: NtQueryKey
Status: Hooked by "a347bus.sys" at address 0xf74c93a8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "a347bus.sys" at address 0xf74d4b46

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "a347bus.sys" at address 0xf74d4390

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf750c148

Stealth Objects
-------------------

Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
Process: System Address: 0x8793d6d0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a36db38 Size: 99

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CREATE]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_POWER]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_PNP]
Process: System Address: 0x8a8b5eb0 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CREATE]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_POWER]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_PNP]
Process: System Address: 0x8a8b5c78 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_POWER]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_PNP]
Process: System Address: 0x8a8b68c0 Size: 15

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a2bd710 Size: 99

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_POWER]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_PNP]
Process: System Address: 0x8a904940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_CREATE]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_POWER]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_PNP]
Process: System Address: 0x8a8b5a40 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CREATE]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CLOSE]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_POWER]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_PNP]
Process: System Address: 0x8a904bf8 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CREATE]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CLOSE]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_POWER]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_PNP]
Process: System Address: 0x8a905688 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x8a8b75d0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x8a8b4940 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: Sy==EOF==


#2 Buckeye_Sam

    Malware Expert



Posted 28 August 2009 - 04:55 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jboyer08


Posted 29 August 2009 - 09:34 AM

Hi Sam,

The Win32kDiag program took around 25 min to complete. The peek program took 1 second.



Log file is located at: C:\Documents and Settings\Jon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP15C.tmp\ZAP15C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP245.tmp\ZAP245.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp\ZAP260.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TEMP\TEMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\90A2CC5A3D9ECE9429D33078B4DBC4C2\1.20.0\1.20.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

[1] 2004-08-04 04:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sm9u\Sm9u

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f0c43c883b45dd5bc3e231479dfed214\f0c43c883b45dd5bc3e231479dfed214

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\AddIns\AddIns

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-4030829632-1935388475-3303396957-1003\S-1-5-21-4030829632-1935388475-3303396957-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Word\STARTUP\STARTUP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-4030829632-1935388475-3303396957-1003\S-1-5-21-4030829632-1935388475-3303396957-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Jasc Paint Shop Photo Album Images\Jasc Paint Shop Photo Album Images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My PSP8 Files\Workspaces\Workspaces

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll

[1] 2004-08-04 04:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 62976 C:\WINDOWS\SYSTEM32\eventlog.dll ()

[2] 2008-04-13 18:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 04:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)





Finished!





Volume in drive C has no label.
Volume Serial Number is 84F0-2374

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 04:00 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 18:12 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 18:12 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 18:11 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 18:12 181,248 scecli.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 18:12 407,040 netlogon.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 18:11 62,976 eventlog.dll
3 File(s) 651,264 bytes

Total Files Listed:
9 File(s) 1,938,944 bytes
0 Dir(s) 48,318,394,368 bytes free



#4 Buckeye_Sam

    Malware Expert


Posted 29 August 2009 - 12:38 PM

Please follow these steps first:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop everything and come back and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
Next step

Please disable your antivirus program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
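
The Win32kDiag entries for eventlog.dll and the replacement step in the post above both turn on comparing the installed file with the copy under ServicePackFiles\i386. The following is an added example, not part of the thread or of any tool named in it: it parses the "Cannot access" blocks and reports how the installed copy differs from that reference. The field layout (timestamp, size, path, company in parentheses) and the verdict names are assumptions inferred from the log lines as posted.

```python
import re
from collections import namedtuple

# Entries copied from the Win32kDiag logs posted in this thread
# (the mount-point lines are left out).
SAMPLE_LOG = r"""
Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll
[1] 2004-08-04 04:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 18:11:53 62976 C:\WINDOWS\SYSTEM32\eventlog.dll ()
[2] 2008-04-13 18:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 04:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
[1] 2004-08-04 04:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()
[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
"""

Copy = namedtuple("Copy", "stamp size path company")

CANNOT_RE = re.compile(r"^Cannot access:\s*(.+)$")
# Assumed layout: [n] YYYY-MM-DD HH:MM:SS <size> <path> (<company, may be empty>)
COPY_RE = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+?)\s+\((.*)\)$")


def parse_blocks(text):
    """Map each 'Cannot access' target to the file copies listed under it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = CANNOT_RE.match(line)
        if head:
            current = head.group(1).strip()
            blocks[current] = []
            continue
        entry = COPY_RE.match(line)
        if entry and current is not None:
            stamp, size, path, company = entry.groups()
            blocks[current].append(Copy(stamp, int(size), path, company.strip()))
        else:
            current = None  # any other line (e.g. "Found mount point") ends the block
    return blocks


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def assess(target, copies):
    """Compare the installed file with its ServicePackFiles copy.

    Assumption: the ServicePackFiles copy is treated as the reference, as the
    replacement step in the thread does. A matching size is not proof of
    integrity; only a hash check against trusted media would give that.
    """
    name = basename(target)
    installed = next((c for c in copies if c.path.lower() == target.lower()), None)
    reference = next(
        (c for c in copies
         if "\\servicepackfiles\\" in c.path.lower() and basename(c.path) == name),
        None)
    if installed is None or reference is None:
        return {"verdict": "no-reference"}
    delta = installed.size - reference.size
    if delta != 0:
        verdict = "size-mismatch"          # file on disk is not the service-pack build
    elif not installed.company:
        verdict = "unreadable-same-size"   # blocked from reading, size gives no signal
    else:
        verdict = "matches-reference"
    return {
        "verdict": verdict,
        "size_delta": delta,
        # Equal timestamps mean the modified time alone would not flag the file.
        "same_timestamp": installed.stamp == reference.stamp,
        "reference": reference.path,
    }


def triage(text):
    return {target: assess(target, copies)
            for target, copies in parse_blocks(text).items()}


if __name__ == "__main__":
    for target, result in triage(SAMPLE_LOG).items():
        print(target, result)
```
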

#5 jboyer08

Posted 30 August 2009 - 09:29 AM

Everything went well on this end.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.



#6 Buckeye_Sam

Posted 30 August 2009 - 11:00 AM

Nicely done! :thumbup2:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



=================


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

========================================================

#7 jboyer08

Posted 31 August 2009 - 08:38 AM

When I copied "%userprofile%\desktop\win32kdiag.exe" -f -r and pressed open nothing happened on my computer. I have the Win32kdiag.txt file still on my desktop from when we ran the win32kdiag.exe program.

Would you like me to continue on with combofix?

#8 Buckeye_Sam

Posted 31 August 2009 - 12:08 PM

Do you still have Win32kDiag.exe located on your desktop?

Yes, go ahead and proceed with Combofix and we will come back to the other step if necessary.

========================================================

#9 jboyer08

Posted 31 August 2009 - 01:30 PM

Once I turned off my antivirus and antispyware systems everything on my desktop has been highlighted in blue and I can not run combofix now. It says the file is infected and the windows antivirus pro pops up to tell me this. I also have an orange triangle on my toolbar trying to get me to use windows antivirus. I'm pretty sure this windows antivirus is malware or spyware.

I also get a svchost.exe has encountered a problem and needs to close. I can Debug, send error report or click on fix it.

#10 Buckeye_Sam

Posted 31 August 2009 - 02:41 PM

Ok, delete the Win32kDiag.txt that is on your desktop now.
Also delete Combofix.exe

Double-click Win32kDiag.exe to run Win32kDiag tool and post the new log that it creates.

========================================================

#11 jboyer08

Posted 31 August 2009 - 03:52 PM

New Win32kDiag. I don't know what my computer did to recover but my anti-virus program is up and running again and I turned everything back on. Everything is still highlighted in blue on the desktop.

Log file is located at: C:\Documents and Settings\Jon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

[1] 2004-08-04 04:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)




Found mount point : C:\WINDOWS\Temp\4EE5\4EE5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\4FE5\4FE5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\5355\5355

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\591A\591A

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6207\6207

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\63D6\63D6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\666B\666B

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6991\6991

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6B08\6B08

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6D12\6D12

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6E45\6E45

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7038\7038

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7287\7287

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7881\7881

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7A1C\7A1C

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7D7F\7D7F

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7DC7\7DC7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\909\909

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\BAE\BAE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\D89\D89

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\nai242\nai242

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VBE\VBE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{169F8893-C1C5-4847-972C-EA1E008112AC}\{169F8893-C1C5-4847-972C-EA1E008112AC}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\{435E969D-867E-4364-8E74-3DC8A69C5BDB}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{7201B853-5833-11D6-A285-00A0CC51B2FE}\{7201B853-5833-11D6-A285-00A0CC51B2FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{7A900EAB-DA37-4554-AF19-9C337476D05D}\{7A900EAB-DA37-4554-AF19-9C337476D05D}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{9154ED7C-926E-49CC-B677-0CF3C5267457}\{9154ED7C-926E-49CC-B677-0CF3C5267457}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{A1185190-514F-11D6-A285-00A0CC51B2FE}\{A1185190-514F-11D6-A285-00A0CC51B2FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{AC157741-3285-4D6A-B934-9174587A3493}\{AC157741-3285-4D6A-B934-9174587A3493}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{FD851F7E-F887-405D-9E1C-488811113EF3}\{FD851F7E-F887-405D-9E1C-488811113EF3}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

#12 Buckeye_Sam


Posted 01 September 2009 - 12:12 PM

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 jboyer08


Posted 01 September 2009 - 02:00 PM

Nothing happens when I enter "%userprofile%\desktop\win32kdiag.exe" -f -r and then click OK. Nothing comes up and nothing happens.

#14 Buckeye_Sam


Posted 02 September 2009 - 11:12 AM

Is the file win32kdiag.exe located on your desktop, or do you have it saved in another location?

#15 jboyer08


Posted 02 September 2009 - 12:32 PM

It is still on the desktop.



