Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comp Shuts Down For Some Reason...


  • Please log in to reply
14 replies to this topic

#1 MuskokaMaryJane

MuskokaMaryJane

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 11 October 2006 - 04:21 PM

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance.
- Enthusiast)

I recently installed Rollercoaster Tycoon 3. I was playing for about 20 minutes and then the computer just shut down. I tried again, and the same thing happened. I unistalled the game, and reinstalled it on a secondary drive. Same thing.
I was worried about having a virus, so I tried running avast! scan, and about 20 minutes into the scan, BOOM! Shut down again. This doesn't happen with anything else as far as I know. I ran Ad-Aware, found some tracking cookies, but nothing serious. Ran Spybot, found one problem, fixed it. I downloaded Speedfan, everything is running fine. I ran Registry Mechanic, and fixed about 93 problems.
I'm still having the same problem.
I can't run avast! because it shuts down the comp.
Any ideas? This is a new computer. This crap shouldn't be happening already! lol.

Here is a hijack this log just in case:

Logfile of HijackThis v1.99.1
Scan saved at 5:18:03 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Adware, Virus and Protection Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158587776578
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D40ABD-DA5D-461A-AC9F-1920ADFCA73B}: NameServer = 206.47.244.54 206.47.244.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Edited by Enthusiast, 11 October 2006 - 06:04 PM.

The one who dies with the most toys, Wins...

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 16 October 2006 - 08:35 AM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

#3 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 16 October 2006 - 01:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:19:53 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Adware, Virus and Protection Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158587776578
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D40ABD-DA5D-461A-AC9F-1920ADFCA73B}: NameServer = 206.47.244.54 206.47.244.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Could this be a RAM problem?
The one who dies with the most toys, Wins...

#4 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 16 October 2006 - 04:41 PM

I did get a windows message saying "Virtual memory minimum too low"
or something along those lines.
The one who dies with the most toys, Wins...

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 17 October 2006 - 10:42 AM

* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tools works in safe mode.. other rootkitrevealers don't.

#6 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 18 October 2006 - 12:52 PM

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-18 13:49:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 812DA7E0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FF333F10
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 812A8008
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ FF949DA8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 812A8008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_READ 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 81228958
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 81228958
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 812A8008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 812A8008
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ FF3CDA28
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ FF948C60
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ FF948C60
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ FF964910
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ FF968D28
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_NAMED_PIPE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLOSE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_READ 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_WRITE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FLUSH_BUFFERS 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DIRECTORY_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SHUTDOWN 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_LOCK_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CLEANUP 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_CREATE_MAILSLOT 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_POWER 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CHANGE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_QUERY_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_SET_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 IRP_MJ_PNP 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 81303D50
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 81303D50
Device \FileSystem\Fastfat \Fat IRP_MJ_READ FF333F10
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ FF96C858
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ FF96C858
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ FF96C858
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ FF96C858
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ FF96C858
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ FF940C68

---- Modules - GMER 1.0.11 ----

Module _________ F946B000

---- Files - GMER 1.0.11 ----

ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----
The one who dies with the most toys, Wins...

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 18 October 2006 - 01:36 PM

Gmer log is clean.

Try this:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#8 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 18 October 2006 - 04:44 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Logfile created on: 10/18/2006 5:32:18 PM
WinPFind v1.5.0 Folder = C:\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 12/21/1999 8:58:02 AM 21312 C:\WINDOWS\choice.exe ()
UPX! 8/22/2004 5:04:56 PM 69120 C:\WINDOWS\daemon.dll ()

Checking %System% folder...
UPX! 9/25/2006 11:45:08 AM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
PEC2 8/4/2004 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 10/4/2006 4:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 10/4/2006 4:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 8:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 8:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/4/2004 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/18/2006 5:31:32 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/13/2006 10:47:34 PM H 54156 C:\WINDOWS\QTFont.qfn ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\WindowsShell.Manifest ()
9/18/2006 10:31:56 AM RHS 227 C:\WINDOWS\assembly\Desktop.ini ()
9/18/2006 10:31:56 AM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
9/18/2006 10:31:56 AM RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
10/12/2006 3:07:44 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
10/12/2006 3:07:48 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
9/15/2006 4:31:06 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini ()
9/15/2006 4:31:48 PM HS 67 C:\WINDOWS\Fonts\desktop.ini ()
9/18/2006 9:56:40 AM H 0 C:\WINDOWS\inf\oem10.inf ()
9/15/2006 4:31:06 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini ()
9/15/2006 4:31:28 PM RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab ()
9/15/2006 4:31:28 PM RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab ()
9/15/2006 4:31:28 PM RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab ()
9/15/2006 4:32:30 PM H 225280 C:\WINDOWS\repair\ntuser.dat ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest ()
9/15/2006 4:31:06 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest ()
9/15/2006 4:31:06 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest ()
9/15/2006 4:30:58 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest ()
8/21/2006 9:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
8/25/2006 1:06:28 PM S 13285 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat ()
9/13/2006 1:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
9/4/2006 2:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
9/18/2006 10:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/18/2006 5:31:36 PM H 16384 C:\WINDOWS\system32\config\default.LOG ()
10/11/2006 4:39:08 PM H 0 C:\WINDOWS\system32\config\DEFAULT.rrr.LOG ()
10/18/2006 5:31:46 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/11/2006 4:39:08 PM H 0 C:\WINDOWS\system32\config\SAM.rrr.LOG ()
10/18/2006 5:31:34 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/18/2006 5:31:38 PM H 61440 C:\WINDOWS\system32\config\software.LOG ()
10/11/2006 4:39:08 PM H 0 C:\WINDOWS\system32\config\SOFTWARE.rrr.LOG ()
10/18/2006 5:31:40 PM H 811008 C:\WINDOWS\system32\config\system.LOG ()
9/15/2006 10:05:58 AM H 1024 C:\WINDOWS\system32\config\TempKey.LOG ()
9/15/2006 10:06:00 AM H 1024 C:\WINDOWS\system32\config\userdiff.LOG ()
10/12/2006 3:00:48 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
9/15/2006 10:07:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini ()
9/24/2006 3:16:02 AM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
9/24/2006 3:16:02 AM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
9/24/2006 3:16:02 AM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
9/24/2006 3:16:02 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
9/24/2006 3:16:02 AM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
9/24/2006 3:16:02 AM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
9/15/2006 10:07:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini ()
9/15/2006 4:31:08 PM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini ()
9/15/2006 10:07:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini ()
9/15/2006 4:32:28 PM HS 148 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini ()
9/15/2006 4:32:28 PM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini ()
9/15/2006 4:32:28 PM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini ()
9/15/2006 4:32:28 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini ()
9/15/2006 4:32:28 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini ()
9/18/2006 10:10:00 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\36b34e15-72b4-462a-b5e2-c069b1ffb6a8 ()
9/18/2006 10:10:00 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
9/15/2006 4:36:58 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\cefed6fc-da82-45ef-8510-1e69070428de ()
9/15/2006 4:36:58 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/18/2006 5:30:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
6/21/2005 4:46:18 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 8:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/4/2004 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/4/2004 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
6/21/2005 4:46:18 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\igfxcpl.cpl (Intel Corporation)

Checking for Downloaded Program Files...
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1158587776578
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - MJLauncherCtrl Class - CodeBase = http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/15/2006 5:45:26 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
9/15/2006 4:32:28 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/15/2006 10:07:18 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10/15/2006 9:08:30 PM 4299 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
9/15/2006 4:32:28 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
9/15/2006 10:07:18 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini ()
10/9/2006 4:23:08 PM 284 C:\Documents and Settings\Owner\Application Data\ViewerApp.dat ()

Checking Selected Registry Keys

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.com/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger
\\NEXTID - 8194
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} - OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{63542C48-9552-494A-84F7-73AA6A7C99C1} - OpenOffice.org Property Sheet Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{3B092F0C-7696-40E3-A80F-68D74DA84210} - OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Smapp - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
DrvLsnr - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
WinampAgent - C:\Program Files\Winamp\winampa.exe ()
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
DiskeeperSystray - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
RegistryMechanic - Reg Data missing or invalid ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
FreeRAM XP - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{0CA6B149-EA40-4FD3-B0F6-AE00D87CA48D} - (3Com 3C900B-COMBO Ethernet Adapter (Generic))
{0ECBFD88-0086-4316-A82F-7CA091077AB8} - (ForeRunner PCA-200EPC ATM Adapter)
{2EFD053F-D24C-4302-80AA-9D2FB0001A12} - ()
{632843C2-ABAD-4278-B636-71BC70984FCC} - (Intel® PRO/100 VM Network Connection)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


Scan Complete
The one who dies with the most toys, Wins...

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 19 October 2006 - 10:11 AM

Log looks clean. I am wondering if the computer is overheating and shutting down. Is it properly ventilated?

#10 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 19 October 2006 - 04:22 PM

It is. The power supply is also fine, fan works great.
What I've been told, and what I'm wondering about is whether or not RAM could be causing this. I have 256mb of RAM in this comp. Although the game I'm running, RCT3, has a minimum requirement of 128mb of RAM, so I didn't think it would be a problem. If the game was using too much memory, would it cause the computer to shut down?
The one who dies with the most toys, Wins...

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 19 October 2006 - 04:41 PM

No...but if there was a problem with the ram it could reboot the machine. Is it shutting down, and turning the computer off as if you were shutting down the computer? Or is freezing? Or is it just spontaneous rebooting?

#12 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 19 October 2006 - 10:33 PM

Just completely shutting down.
Maybe, since it obviously isn't a malware problem, I should take it in to the store we bought it from. It's not even 2 months old yet, they'll look at it for free. I just didn't want it to have to come to that.
The one who dies with the most toys, Wins...

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 20 October 2006 - 10:04 AM

Thats bizarre...i never heard of a malware (or hardware problem for that matter) shutting down the computer. Do you get a message, or timer, when it starts shutting down?

#14 MuskokaMaryJane

MuskokaMaryJane
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gravenhurst
  • Local time:12:06 AM

Posted 24 October 2006 - 12:25 AM

Nope, nothing. It just shuts down. Takes like a second. I was told by the computer store that it might be the power cord, so they sent me a new one and I haven't had a problem so far (knock on wood).
I do have a different issue involving a file that won't open. Can I post that here, or should I post it somewhere else?
The one who dies with the most toys, Wins...

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:06 AM

Posted 24 October 2006 - 11:05 AM

Post that in the Windows XP forum please...may be out of my league :thumbsup: I stick to security mostly. Glad it was as easy as the power cord (hopefully) :flowers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users