
HIJack This


  • This topic is locked

#1
ZivaDappa

I've got a Trojan infecting my computer.
I've run FixIEDef.exe to no avail.

My HijackThis log is as follows:

Any help would be greatly appreciated!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:11 PM, on 4/13/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
I:\Program Files\Common Files\Java\Java Update\jusched.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
I:\Program Files\AVG\AVG9\avgwdsvc.exe
I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Common Files\LightScribe\LSSrvc.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\CyberLink\Shared Files\RichVideo.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\AVG\AVG9\avgfws9.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\ctfmon.exe
L:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = GET LINKED - GET CONNECTED!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] I:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [FS6519] I:\WINDOWS\FS6519.dll.vbs
O4 - HKLM\..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "I:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "I:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Mriwerujomura] rundll32.exe "I:\WINDOWS\ahogiqinicim.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] I:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor with AntiVirus] I:\Documents and Settings\john lane\Desktop\sdasetup.exe -min
O4 - HKCU\..\Run: [Kvokacupodovuje] rundll32.exe "I:\WINDOWS\wpwmdi.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Nikon Monitor.lnk = I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - I:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - I:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 12249 bytes


#2
Cold Titanium

Hello ZivaDappa and welcome to G2G!

My name is Cold Titanium :D , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :D

:D Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We don't use HiJackThis anymore... Please scan with these two tools and post their logs:



Step #1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure that Use SafeList is selected for Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #2

  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt, Extras.txt, and ark.txt in your next reply...

#3
ZivaDappa

OK, I hope this works!

Attached Files

  • Attached File  ark.txt   692.2KB   143 downloads
  • Attached File  Extras.Txt   46.9KB   167 downloads
  • Attached File  OTL.Txt   128.91KB   124 downloads


#4
Cold Titanium

Please don't attach logs; just post them.


OTL logfile created on: 4/14/2011 10:13:38 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = L:\VI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 931.51 Gb Total Space | 740.38 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 142.01 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 64.76 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Computer Name: BLACKGATEJOHN | User Name: john lane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/12 21:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\VI\OTL.exe
PRC - [2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
PRC - [2010/01/28 12:51:55 | 000,692,224 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2010/01/28 12:51:47 | 000,069,632 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/01/28 12:48:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2010/01/28 12:47:30 | 000,057,344 | ---- | M] (Logitech Inc.) -- I:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007/07/27 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/11/29 11:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- I:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/04/12 21:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\VI\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2007/07/27 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 05:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\ddraw.dll
MOD - [2007/07/27 05:00:00 | 000,229,376 | ---- | M] () -- I:\WINDOWS\ahogiqinicim.dll
MOD - [2007/07/27 05:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\dciman32.dll
MOD - [2007/04/23 04:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/28 12:49:47 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- I:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2010/01/28 12:47:04 | 000,085,504 | ---- | M] (Autodesk) [On_Demand | Stopped] -- I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- I:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2009/04/13 18:17:32 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/14 02:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 07:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/08 13:51:54 | 000,010,880 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
DRV - [2007/10/11 11:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007/09/28 22:30:52 | 000,065,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- I:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2002/06/24 11:00:00 | 000,053,412 | ---- | M] (GEAR Software) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {FC0EBEA0-52F7-4643-9333-224DAEB71FC3}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/11/14 15:28:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3}: I:\Documents and Settings\john lane\Local Settings\Application Data\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3} [2011/01/28 11:16:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/04/13 23:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/03/25 07:34:00 | 000,000,000 | ---D | M]

[2011/01/19 20:00:02 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Extensions
[2011/04/10 12:01:19 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Firefox\Profiles\081lxags.default\extensions
[2011/01/19 20:00:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Firefox\Profiles\081lxags.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/19 20:00:03 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2011/01/28 11:16:48 | 000,000,000 | ---D | M] (XULRunner) -- I:\DOCUMENTS AND SETTINGS\JOHN LANE\LOCAL SETTINGS\APPLICATION DATA\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3}
[2010/11/14 15:28:05 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- I:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010/06/04 23:51:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/11/14 13:24:19 | 000,001,197 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FS6519] I:\WINDOWS\FS6519.dll.vbs ()
O4 - HKLM..\Run: [Mriwerujomura] I:\WINDOWS\ahogiqinicim.dll ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] File not found
O4 - HKCU..\Run: [Kvokacupodovuje] I:\WINDOWS\wpwmdi.dll ()
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: I:\Documents and Settings\john lane\Start Menu\Programs\Startup\Nikon Monitor.lnk = I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.83.112.9 202.83.113.71
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - I:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: I:\Documents and Settings\john lane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\john lane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 07:02:41 | 000,000,000 | ---D | M] - C:\autocad drawings -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = DCT\J\Mip.exe
O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\open\command - "" = DCT\J\Mip.exe
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{98c4478c-0d12-11e0-ad02-001d7d08ea57}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\AutoRun\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\open\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()

MsConfig - StartUpFolder: I:^Documents and Settings^john lane^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk - - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {05758AA1-E3D4-FA85-1049-A7257F1759F7} - NetShow
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "I:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {13586A15-6B24-E84B-3114-3671CD4445F3} - NetShow
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - I:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - I:\WINDOWS\system32\Rundll32.exe I:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA327206-00CB-5C64-5316-BF9C5BC6102A} - Internet Explorer
ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Reg Error: Value error.
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE7F1905-D26E-5123-B9EF-F01A3E851BEC} - Java (Sun)
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF8D3B19-51A0-701A-8513-118042659C1B} - Outlook Express
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - I:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "I:\WINDOWS\system32\rundll32.exe" "I:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - I:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - I:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - I:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - I:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - I:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - I:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - I:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - I:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - I:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - I:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - I:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - I:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - I:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - I:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yvu9 - I:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - I:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 23:47:10 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/04/13 10:41:23 | 000,000,000 | ---D | C] -- I:\ERDNT
[2011/04/13 10:41:21 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERUNT
[2011/04/13 10:41:21 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2011/04/13 10:41:15 | 000,000,000 | ---D | C] -- I:\!FixIEDef
[2011/04/12 14:45:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/12 11:23:22 | 001,093,459 | ---- | C] (Zoll Technologies) -- I:\Documents and Settings\john lane\Desktop\FixIEDef.exe
[2011/04/10 12:01:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\copies
[2011/04/10 11:29:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Application Data\MonkeyJam
[2011/04/07 13:06:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/07 13:05:21 | 000,000,000 | ---D | C] -- I:\Program Files\iPod
[2011/04/07 00:39:37 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2011/04/04 11:03:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\HIGH TEA
[2011/04/04 10:17:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\DivX
[2011/03/15 19:29:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\New Folder (2)
[2011/03/15 19:29:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[4 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2032/01/03 14:53:34 | 073,610,708 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\104_0962.MOV
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\WINDOWS\FS6519.dll.vbs
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\FS6519.dll.vbs
[2011/04/14 10:15:17 | 000,000,102 | RHS- | M] () -- I:\autorun.inf
[2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\5v8d0182f4h5
[2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\All Users\Application Data\5v8d0182f4h5
[2011/04/14 09:49:58 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxejefiqa.dll
[2011/04/14 09:49:25 | 000,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 09:47:54 | 000,001,306 | ---- | M] () -- I:\WINDOWS\imojagiq.dll
[2011/04/14 09:45:28 | 000,013,868 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/04/14 09:45:00 | 000,175,033 | ---- | M] () -- I:\WINDOWS\System32\nvapps.xml
[2011/04/14 09:44:48 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/04/14 09:41:37 | 000,000,430 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{82B81F60-3795-4CE8-B492-4EE286FA5567}.job
[2011/04/14 09:39:38 | 2145,386,496 | ---- | M] () -- I:\WINDOWS\MEMORY.DMP
[2011/04/13 23:46:55 | 004,320,019 | R--- | M] () -- I:\Documents and Settings\john lane\Desktop\ComboFix.exe
[2011/04/13 23:42:07 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ehanuver.dll
[2011/04/13 11:49:00 | 000,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 10:50:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\izogepuwidogodo.dll
[2011/04/13 02:00:00 | 000,000,350 | ---- | M] () -- I:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BLACKGATEJOHN-john lane.job
[2011/04/12 22:13:00 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/12 17:29:55 | 001,093,459 | ---- | M] (Zoll Technologies) -- I:\Documents and Settings\john lane\Desktop\FixIEDef.exe
[2011/04/12 10:49:34 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ipuquxuz.dll
[2011/04/11 21:57:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awaqitihumenesan.dll
[2011/04/11 21:08:57 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uyicuvuhoxuq.dll
[2011/04/11 21:01:05 | 000,001,264 | ---- | M] () -- I:\WINDOWS\okuhoxuqux.dll
[2011/04/11 20:14:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iwiroquq.dll
[2011/04/11 20:09:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ababevaxitigokid.dll
[2011/04/11 20:09:33 | 000,001,267 | ---- | M] () -- I:\WINDOWS\Uyuzitivumeja.dat
[2011/04/11 19:46:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\avihaxiqex.dll
[2011/04/11 18:03:24 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ubuwaqiq.dll
[2011/04/11 17:55:01 | 000,001,264 | ---- | M] () -- I:\WINDOWS\obuwaqiqamalanun.dll
[2011/04/11 17:50:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uxojehuco.dll
[2011/04/11 17:07:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iveteroq.dll
[2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
[2011/04/11 11:08:01 | 000,000,000 | ---- | M] () -- I:\WINDOWS\Vnasuqeruzonahu.bin
[2011/04/11 08:04:28 | 000,139,264 | ---- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 18:50:11 | 000,000,069 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2011/04/08 04:37:04 | 000,001,542 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/07 02:40:52 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uhepasuyaxukow.dll
[2011/04/07 00:40:39 | 000,001,854 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/07 00:40:39 | 000,001,854 | ---- | M] () -- I:\Documents and Settings\john lane\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/02 11:49:41 | 000,000,368 | ---- | M] () -- I:\WINDOWS\ViewNX.INI
[2011/04/02 11:41:15 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/04/02 11:40:04 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/04/01 09:54:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\opucafoj.dll
[2011/03/31 21:42:43 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxucipih.dll
[2011/03/29 14:04:02 | 000,000,167 | ---- | M] () -- I:\Documents and Settings\john lane\default.pls
[2011/03/28 12:52:37 | 000,031,520 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\2011 Membership Teacher or Teacher Trainee.pdf
[2011/03/26 04:10:11 | 000,001,274 | ---- | M] () -- I:\WINDOWS\owawiqinoqoyej.dll
[2011/03/26 02:08:17 | 000,001,274 | ---- | M] () -- I:\WINDOWS\ovapiqow.dll
[2011/03/25 07:34:05 | 000,001,274 | ---- | M] () -- I:\WINDOWS\aletedapesanuk.dll
[2011/03/25 07:32:09 | 000,001,274 | ---- | M] () -- I:\WINDOWS\iqepodatod.dll
[2011/03/24 20:02:32 | 000,042,217 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\tumblr_lie295At001qz9qooo1_r1_500.jpg
[2011/03/22 12:39:44 | 000,057,512 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\cant help falling in love.jpg
[2011/03/21 07:21:40 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ozekifen.dll
[2011/03/19 22:04:52 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\IMG_0340.MOV
[2011/03/19 14:04:57 | 002,193,488 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\hawk attack.jpg
[2011/03/19 13:24:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uqifexemexizodul.dll
[2011/03/19 13:22:49 | 000,001,282 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dlld
[2011/03/19 13:22:49 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dll
[2011/03/19 10:10:54 | 000,001,264 | ---- | M] () -- I:\WINDOWS\icoyifeg.dll
[2011/03/19 09:17:46 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oyafawina.dll
[2011/03/18 06:17:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awohilofejinur.dll
[2011/03/18 06:17:02 | 000,001,264 | ---- | M] () -- I:\WINDOWS\akicuzojazi.dll
[2011/03/16 06:55:16 | 000,496,288 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/03/16 06:55:16 | 000,084,646 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/03/16 06:54:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ocozofuqoqiwogij.dll
[2011/03/15 20:18:34 | 000,001,734 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/15 19:26:54 | 000,580,306 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC.pdf
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[4 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/14 09:51:56 | 000,000,102 | RHS- | C] () -- I:\autorun.inf
[2011/04/14 09:49:58 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxejefiqa.dll
[2011/04/14 09:47:54 | 000,001,306 | ---- | C] () -- I:\WINDOWS\imojagiq.dll
[2011/04/13 23:46:50 | 004,320,019 | R--- | C] () -- I:\Documents and Settings\john lane\Desktop\ComboFix.exe
[2011/04/13 23:42:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ehanuver.dll
[2011/04/13 10:50:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\izogepuwidogodo.dll
[2011/04/12 10:49:34 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ipuquxuz.dll
[2011/04/11 21:57:31 | 000,001,264 | ---- | C] () -- I:\WINDOWS\awaqitihumenesan.dll
[2011/04/11 21:08:57 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uyicuvuhoxuq.dll
[2011/04/11 21:01:04 | 000,001,264 | ---- | C] () -- I:\WINDOWS\okuhoxuqux.dll
[2011/04/11 20:14:16 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwiroquq.dll
[2011/04/11 20:09:38 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ababevaxitigokid.dll
[2011/04/11 19:46:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avihaxiqex.dll
[2011/04/11 18:03:24 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ubuwaqiq.dll
[2011/04/11 17:55:01 | 000,001,264 | ---- | C] () -- I:\WINDOWS\obuwaqiqamalanun.dll
[2011/04/11 17:50:18 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uxojehuco.dll
[2011/04/11 17:07:31 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iveteroq.dll
[2011/04/11 16:26:06 | 000,014,180 | -HS- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\5v8d0182f4h5
[2011/04/11 16:26:06 | 000,014,180 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\5v8d0182f4h5
[2011/04/11 16:26:05 | 000,344,064 | -HS- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
[2011/04/07 13:06:19 | 000,001,542 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/07 02:40:52 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uhepasuyaxukow.dll
[2011/04/01 09:54:37 | 000,001,264 | ---- | C] () -- I:\WINDOWS\opucafoj.dll
[2011/03/31 21:42:43 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxucipih.dll
[2011/03/28 12:52:36 | 000,031,520 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\2011 Membership Teacher or Teacher Trainee.pdf
[2011/03/26 04:10:11 | 000,001,274 | ---- | C] () -- I:\WINDOWS\owawiqinoqoyej.dll
[2011/03/26 02:08:17 | 000,001,274 | ---- | C] () -- I:\WINDOWS\ovapiqow.dll
[2011/03/25 07:34:04 | 000,001,274 | ---- | C] () -- I:\WINDOWS\aletedapesanuk.dll
[2011/03/25 07:32:09 | 000,001,274 | ---- | C] () -- I:\WINDOWS\iqepodatod.dll
[2011/03/24 20:02:31 | 000,042,217 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\tumblr_lie295At001qz9qooo1_r1_500.jpg
[2011/03/22 12:40:42 | 000,057,512 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\cant help falling in love.jpg
[2011/03/21 07:21:40 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ozekifen.dll
[2011/03/20 09:52:39 | 023,614,184 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\100_2693.MOV
[2011/03/19 22:04:52 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\IMG_0340.MOV
[2011/03/19 13:59:59 | 002,193,488 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\hawk attack.jpg
[2011/03/19 13:24:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uqifexemexizodul.dll
[2011/03/19 13:22:49 | 000,001,282 | ---- | C] () -- I:\WINDOWS\ikaqesaci.dlld
[2011/03/19 13:22:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ikaqesaci.dll
[2011/03/19 10:10:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\icoyifeg.dll
[2011/03/19 09:17:46 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oyafawina.dll
[2011/03/18 06:17:37 | 000,001,264 | ---- | C] () -- I:\WINDOWS\awohilofejinur.dll
[2011/03/18 06:17:02 | 000,001,264 | ---- | C] () -- I:\WINDOWS\akicuzojazi.dll
[2011/03/16 06:54:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ocozofuqoqiwogij.dll
[2011/03/15 20:18:34 | 000,001,804 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/15 20:18:34 | 000,001,734 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/15 19:26:45 | 000,580,306 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC.pdf
[2011/03/11 08:45:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\owuhimuhabuc.dll
[2011/03/10 16:59:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iyixuqot.dll
[2011/03/10 08:20:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ibenakoh.dll
[2011/03/08 09:12:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\irafupeyeguwivi.dll
[2011/03/07 15:43:32 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uqadajak.dll
[2011/03/07 15:18:19 | 000,001,264 | ---- | C] () -- I:\WINDOWS\orutigihagon.dll
[2011/03/07 13:16:20 | 000,001,264 | ---- | C] () -- I:\WINDOWS\usojasuq.dll
[2011/03/07 11:15:27 | 000,001,264 | ---- | C] () -- I:\WINDOWS\egepaguheyek.dll
[2011/03/03 17:53:25 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avipuzimocinex.dll
[2011/03/03 17:51:55 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ohiriyiji.dll
[2011/02/19 20:32:03 | 000,001,264 | ---- | C] () -- I:\WINDOWS\umuveruq.dll
[2011/02/19 10:23:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwepukogibux.dll
[2011/02/19 05:56:51 | 000,001,264 | ---- | C] () -- I:\WINDOWS\odibugojud.dll
[2011/02/19 03:54:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\utahogeh.dll
[2011/02/19 01:52:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\elarotan.dll
[2011/02/18 23:51:14 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ulezaxijo.dll
[2011/02/09 15:19:28 | 000,001,264 | ---- | C] () -- I:\WINDOWS\asucihic.dll
[2011/02/08 23:37:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukicuzoj.dll
[2011/02/07 23:31:26 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ojuperamiya.dll
[2011/02/05 10:27:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\obexuguj.dll
[2011/02/03 13:49:59 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ebofupey.dll
[2011/02/03 11:48:18 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ivozidij.dll
[2011/02/03 11:35:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxowayewecigit.dll
[2011/02/03 11:29:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ozexekoc.dll
[2011/02/02 22:44:13 | 000,090,336 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2011/01/31 16:18:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukezejoher.dll
[2011/01/28 11:16:49 | 000,001,267 | ---- | C] () -- I:\WINDOWS\Uyuzitivumeja.dat
[2011/01/28 11:16:49 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Vnasuqeruzonahu.bin
[2011/01/19 19:07:44 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2011/01/15 09:08:47 | 001,276,818 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-152049171-839522115-1004-0.dat
[2011/01/15 09:08:47 | 000,444,030 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/25 04:03:02 | 000,000,127 | ---- | C] () -- I:\WINDOWS\System32\MRT.INI
[2010/11/06 12:47:30 | 000,000,606 | ---- | C] () -- I:\Documents and Settings\john lane\Application Data\AutoGK.ini
[2010/07/13 06:30:47 | 000,000,030 | ---- | C] () -- I:\WINDOWS\Iedit_.INI
[2010/03/04 13:39:15 | 000,003,704 | RHS- | C] () -- I:\WINDOWS\FS6519.dll.vbs
[2009/09/13 12:30:51 | 000,000,120 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- I:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 13:07:21 | 000,012,150 | ---- | C] () -- I:\WINDOWS\hpdj5100.ini
[2009/04/02 10:25:03 | 000,005,180 | ---- | C] () -- I:\WINDOWS\System32\uacinit.dll
[2009/04/02 10:24:15 | 000,000,127 | ---- | C] () -- I:\WINDOWS\System32\UACpfqqhxid.dat
[2009/03/06 20:18:05 | 002,463,976 | ---- | C] () -- I:\WINDOWS\System32\NPSWF32.dll
[2009/02/10 10:35:39 | 000,002,528 | ---- | C] () -- I:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/02/09 21:19:44 | 000,002,528 | ---- | C] () -- I:\Documents and Settings\john lane\Application Data\$_hpcst$.hpc
[2009/01/31 10:40:20 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\HAL
[2009/01/31 10:40:20 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Graphics
[2009/01/31 10:40:20 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/01/31 10:40:18 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Halftone
[2009/01/31 10:40:18 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Guides
[2009/01/29 20:00:19 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/01/29 19:54:35 | 000,000,368 | ---- | C] () -- I:\WINDOWS\ViewNX.INI
[2009/01/29 19:38:39 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Cocoa
[2009/01/29 19:38:39 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Classic Thick
[2009/01/29 19:38:39 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/01/29 19:35:50 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
[2009/01/29 19:35:50 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Chiller
[2009/01/29 19:35:50 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2008/12/26 17:16:21 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 19:52:22 | 000,000,520 | ---- | C] () -- I:\WINDOWS\netdet.ini
[2008/11/29 17:41:50 | 000,118,784 | ---- | C] () -- I:\WINDOWS\dsdxirmv.exe
[2008/06/21 11:43:25 | 000,000,151 | ---- | C] () -- I:\WINDOWS\PhotoSnapViewer.INI
[2008/06/20 21:01:34 | 000,139,264 | ---- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/16 17:10:59 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2008/06/16 16:56:29 | 000,000,000 | ---- | C] () -- I:\WINDOWS\lgfwup.ini
[2008/06/14 17:36:44 | 000,000,000 | ---- | C] () -- I:\WINDOWS\mtstack.INI
[2008/06/14 08:20:59 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2008/06/13 21:44:11 | 000,049,152 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2008/06/13 21:31:32 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2008/06/13 21:28:13 | 000,022,720 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2008/06/13 14:17:03 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2008/06/13 14:16:06 | 003,877,672 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/24 04:52:00 | 001,703,936 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/24 04:52:00 | 001,482,752 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2008/03/24 04:52:00 | 001,339,392 | ---- | C] () -- I:\WINDOWS\System32\nvdspsch.exe
[2008/03/24 04:52:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2008/03/24 04:52:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2008/03/24 04:52:00 | 000,442,368 | ---- | C] () -- I:\WINDOWS\System32\nvappbar.exe
[2008/03/24 04:52:00 | 000,425,984 | ---- | C] () -- I:\WINDOWS\System32\keystone.exe
[2008/03/24 04:52:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/27 05:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2007/07/27 05:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2007/07/27 05:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2007/07/27 05:00:00 | 000,229,376 | ---- | C] () -- I:\WINDOWS\ahogiqinicim.dll
[2007/07/27 05:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2007/07/27 05:00:00 | 000,094,208 | ---- | C] () -- I:\WINDOWS\wpwmdi.dll
[2007/07/27 05:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2007/07/27 05:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2007/07/27 05:00:00 | 000,027,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\secdrv.sys
[2007/07/27 05:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2007/07/27 05:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2007/07/27 05:00:00 | 000,001,788 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,496,288 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,084,646 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/14 10:15:17 | 000,000,102 | RHS- | M] () -- I:\autorun.inf
[2008/06/13 14:15:00 | 000,000,210 | -HS- | M] () -- I:\BOOT.BAK
[2008/07/15 04:22:01 | 000,000,210 | -HS- | M] () -- I:\boot.ini
[2008/06/13 21:46:12 | 000,000,197 | ---- | M] () -- I:\csb.log
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\FS6519.dll.vbs
[2007/07/27 05:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2007/07/27 05:00:00 | 000,250,032 | RHS- | M] () -- I:\ntldr
[2011/04/14 09:44:33 | 2145,386,496 | -HS- | M] () -- I:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/15 11:33:43 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/15 04:22:01 | 000,262,144 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2008/07/15 11:15:48 | 000,262,144 | ---- | M] () -- I:\WINDOWS\system32\config\security.sav
[2008/07/15 04:22:01 | 024,641,536 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2008/07/15 04:22:02 | 004,980,736 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/07/27 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- I:\WINDOWS\system32\user32.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2007/07/27 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- I:\WINDOWS\system32\ws2_32.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2007/07/27 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- I:\WINDOWS\system32\ws2help.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-10 11:02:45

========== Files - Unicode (All) ==========
[2010/12/30 22:56:28 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
[2010/12/30 22:56:28 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
[2010/11/07 17:48:20 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼
[2010/11/07 17:48:20 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >



OTL Extras logfile created on: 4/14/2011 10:13:38 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = L:\VI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 931.51 Gb Total Space | 740.38 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 142.01 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 64.76 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Computer Name: BLACKGATEJOHN | User Name: john lane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe ()
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- I:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Nexon\Combat Arms\CombatArms.exe" = I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"I:\Nexon\Combat Arms\Engine.exe" = I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Installation\Setupx.exe" = H:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"I:\Program Files\GIGABYTE\GEST\run.exe" = I:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update -- ()
"I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"I:\Nexon\Combat Arms\CombatArms.exe" = I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"I:\Nexon\Combat Arms\Engine.exe" = I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"I:\WINDOWS\explorer.exe" = I:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"I:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Disabled:Age of Empires III -- (Ensemble Studios)
"I:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Disabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"I:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = I:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"I:\Program Files\AVG\AVG9\avgam.exe" = I:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe
"I:\Program Files\AVG\AVG9\avgdiagex.exe" = I:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe
"I:\Program Files\AVG\AVG9\avgupd.exe" = I:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"I:\Program Files\AVG\AVG9\avgnsx.exe" = I:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"I:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A3210EE-7494-4879-9270-A721ED7F9947}" = Gamer HUD
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Alpha ASIO driver" = Lexicon Alpha ASIO (remove only)
"AMA" = AutoCAD 2000 Migration Assistance
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.21
"Ashampoo Photo Optimizer 3_is1" = Ashampoo Photo Optimizer 3.11
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Cakewalk Pyro 1.5" = Cakewalk Pyro 1.5
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"conduitEngine" = Conduit Engine
"DAO 3.5" = DAO 3.5
"DreamStation DXi2" = DreamStation DXi2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Facebook Chat_is1" = Facebook Chat
"Google Updater" = Google Updater
"Home Studio 2004" = Home Studio 2004
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"Project5 Trial" = Project5 Trial
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VCarve Pro" = VCarve Pro 5.5
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"790a8a4cad536f51" = Fishbowl 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2011 7:54:08 PM | Computer Name = BLACKGATEJOHN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 3/28/2011 11:13:27 PM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 3/28/2011 11:14:49 PM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.1.2.17, faulting module
d3d9.dll, version 5.3.2600.2180, fault address 0x000a75ae.

Error - 3/28/2011 11:39:29 PM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 3/29/2011 12:15:48 AM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 4/1/2011 12:37:40 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ahogiqinicim.dll, version 0.0.0.0, fault address 0x0002202b.

Error - 4/1/2011 12:37:57 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/1/2011 2:57:44 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 8.0.6001.18923, fault address 0x000797fd.

Error - 4/1/2011 9:56:33 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/1/2011 12:54:34 PM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ahogiqinicim.dll, version 0.0.0.0, fault address 0x0002202b.

[ System Events ]
Error - 4/14/2011 2:40:48 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 4/14/2011 2:45:14 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/14/2011 3:02:39 AM | Computer Name = BLACKGATEJOHN | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -60966 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|116.199.233.142:123->207.46.232.182:123) is
working properly.

Error - 4/14/2011 3:08:03 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 3:08:08 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 3:08:10 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 12:40:44 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/14/2011 12:41:15 PM | Computer Name = BLACKGATEJOHN | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\D.

Error - 4/14/2011 12:45:29 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/14/2011 12:50:00 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#5
ZivaDappa

OTL logfile created on: 4/14/2011 10:13:38 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = L:\VI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 931.51 Gb Total Space | 740.38 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 142.01 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 64.76 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Computer Name: BLACKGATEJOHN | User Name: john lane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/12 21:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\VI\OTL.exe
PRC - [2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
PRC - [2010/01/28 12:51:55 | 000,692,224 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2010/01/28 12:51:47 | 000,069,632 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/01/28 12:48:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2010/01/28 12:47:30 | 000,057,344 | ---- | M] (Logitech Inc.) -- I:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007/07/27 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/11/29 11:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- I:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/04/12 21:04:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\VI\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2007/07/27 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 05:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\ddraw.dll
MOD - [2007/07/27 05:00:00 | 000,229,376 | ---- | M] () -- I:\WINDOWS\ahogiqinicim.dll
MOD - [2007/07/27 05:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\dciman32.dll
MOD - [2007/04/23 04:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- I:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/28 12:49:47 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- I:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2010/01/28 12:47:04 | 000,085,504 | ---- | M] (Autodesk) [On_Demand | Stopped] -- I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- I:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2009/04/13 18:17:32 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/14 02:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 07:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/08 13:51:54 | 000,010,880 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
DRV - [2007/10/11 11:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007/09/28 22:30:52 | 000,065,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- I:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2002/06/24 11:00:00 | 000,053,412 | ---- | M] (GEAR Software) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {FC0EBEA0-52F7-4643-9333-224DAEB71FC3}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/11/14 15:28:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3}: I:\Documents and Settings\john lane\Local Settings\Application Data\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3} [2011/01/28 11:16:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/04/13 23:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/03/25 07:34:00 | 000,000,000 | ---D | M]

[2011/01/19 20:00:02 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Extensions
[2011/04/10 12:01:19 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Firefox\Profiles\081lxags.default\extensions
[2011/01/19 20:00:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\john lane\Application Data\Mozilla\Firefox\Profiles\081lxags.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/19 20:00:03 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2011/01/28 11:16:48 | 000,000,000 | ---D | M] (XULRunner) -- I:\DOCUMENTS AND SETTINGS\JOHN LANE\LOCAL SETTINGS\APPLICATION DATA\{FC0EBEA0-52F7-4643-9333-224DAEB71FC3}
[2010/11/14 15:28:05 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- I:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010/06/04 23:51:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/11/14 13:24:19 | 000,001,197 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FS6519] I:\WINDOWS\FS6519.dll.vbs ()
O4 - HKLM..\Run: [Mriwerujomura] I:\WINDOWS\ahogiqinicim.dll ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] I:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] File not found
O4 - HKCU..\Run: [Kvokacupodovuje] I:\WINDOWS\wpwmdi.dll ()
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = I:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: I:\Documents and Settings\john lane\Start Menu\Programs\Startup\Nikon Monitor.lnk = I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.83.112.9 202.83.113.71
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - I:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: I:\Documents and Settings\john lane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\john lane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 07:02:41 | 000,000,000 | ---D | M] - C:\autocad drawings -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = DCT\J\Mip.exe
O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\open\command - "" = DCT\J\Mip.exe
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6004164e-9548-11df-abd9-001d7d08ea57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{98c4478c-0d12-11e0-ad02-001d7d08ea57}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\AutoRun\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\open\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell - "" = AutoRun
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()

MsConfig - StartUpFolder: I:^Documents and Settings^john lane^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk - - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {05758AA1-E3D4-FA85-1049-A7257F1759F7} - NetShow
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "I:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {13586A15-6B24-E84B-3114-3671CD4445F3} - NetShow
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - I:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - I:\WINDOWS\system32\Rundll32.exe I:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA327206-00CB-5C64-5316-BF9C5BC6102A} - Internet Explorer
ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Reg Error: Value error.
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE7F1905-D26E-5123-B9EF-F01A3E851BEC} - Java (Sun)
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF8D3B19-51A0-701A-8513-118042659C1B} - Outlook Express
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - I:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "I:\WINDOWS\system32\rundll32.exe" "I:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - I:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - I:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - I:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - I:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - I:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - I:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - I:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - I:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - I:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - I:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - I:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - I:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - I:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - I:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yvu9 - I:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - I:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 23:47:10 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/04/13 10:41:23 | 000,000,000 | ---D | C] -- I:\ERDNT
[2011/04/13 10:41:21 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERUNT
[2011/04/13 10:41:21 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2011/04/13 10:41:15 | 000,000,000 | ---D | C] -- I:\!FixIEDef
[2011/04/12 14:45:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/12 11:23:22 | 001,093,459 | ---- | C] (Zoll Technologies) -- I:\Documents and Settings\john lane\Desktop\FixIEDef.exe
[2011/04/10 12:01:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\copies
[2011/04/10 11:29:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Application Data\MonkeyJam
[2011/04/07 13:06:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/07 13:05:21 | 000,000,000 | ---D | C] -- I:\Program Files\iPod
[2011/04/07 00:39:37 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2011/04/04 11:03:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\HIGH TEA
[2011/04/04 10:17:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\DivX
[2011/03/15 19:29:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\New Folder (2)
[2011/03/15 19:29:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[4 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2032/01/03 14:53:34 | 073,610,708 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\104_0962.MOV
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\WINDOWS\FS6519.dll.vbs
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\FS6519.dll.vbs
[2011/04/14 10:15:17 | 000,000,102 | RHS- | M] () -- I:\autorun.inf
[2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\5v8d0182f4h5
[2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\All Users\Application Data\5v8d0182f4h5
[2011/04/14 09:49:58 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxejefiqa.dll
[2011/04/14 09:49:25 | 000,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 09:47:54 | 000,001,306 | ---- | M] () -- I:\WINDOWS\imojagiq.dll
[2011/04/14 09:45:28 | 000,013,868 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/04/14 09:45:00 | 000,175,033 | ---- | M] () -- I:\WINDOWS\System32\nvapps.xml
[2011/04/14 09:44:48 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/04/14 09:41:37 | 000,000,430 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{82B81F60-3795-4CE8-B492-4EE286FA5567}.job
[2011/04/14 09:39:38 | 2145,386,496 | ---- | M] () -- I:\WINDOWS\MEMORY.DMP
[2011/04/13 23:46:55 | 004,320,019 | R--- | M] () -- I:\Documents and Settings\john lane\Desktop\ComboFix.exe
[2011/04/13 23:42:07 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ehanuver.dll
[2011/04/13 11:49:00 | 000,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 10:50:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\izogepuwidogodo.dll
[2011/04/13 02:00:00 | 000,000,350 | ---- | M] () -- I:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BLACKGATEJOHN-john lane.job
[2011/04/12 22:13:00 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/12 17:29:55 | 001,093,459 | ---- | M] (Zoll Technologies) -- I:\Documents and Settings\john lane\Desktop\FixIEDef.exe
[2011/04/12 10:49:34 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ipuquxuz.dll
[2011/04/11 21:57:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awaqitihumenesan.dll
[2011/04/11 21:08:57 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uyicuvuhoxuq.dll
[2011/04/11 21:01:05 | 000,001,264 | ---- | M] () -- I:\WINDOWS\okuhoxuqux.dll
[2011/04/11 20:14:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iwiroquq.dll
[2011/04/11 20:09:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ababevaxitigokid.dll
[2011/04/11 20:09:33 | 000,001,267 | ---- | M] () -- I:\WINDOWS\Uyuzitivumeja.dat
[2011/04/11 19:46:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\avihaxiqex.dll
[2011/04/11 18:03:24 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ubuwaqiq.dll
[2011/04/11 17:55:01 | 000,001,264 | ---- | M] () -- I:\WINDOWS\obuwaqiqamalanun.dll
[2011/04/11 17:50:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uxojehuco.dll
[2011/04/11 17:07:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iveteroq.dll
[2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
[2011/04/11 11:08:01 | 000,000,000 | ---- | M] () -- I:\WINDOWS\Vnasuqeruzonahu.bin
[2011/04/11 08:04:28 | 000,139,264 | ---- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 18:50:11 | 000,000,069 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2011/04/08 04:37:04 | 000,001,542 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/07 02:40:52 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uhepasuyaxukow.dll
[2011/04/07 00:40:39 | 000,001,854 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/07 00:40:39 | 000,001,854 | ---- | M] () -- I:\Documents and Settings\john lane\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/02 11:49:41 | 000,000,368 | ---- | M] () -- I:\WINDOWS\ViewNX.INI
[2011/04/02 11:41:15 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/04/02 11:40:04 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/04/01 09:54:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\opucafoj.dll
[2011/03/31 21:42:43 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxucipih.dll
[2011/03/29 14:04:02 | 000,000,167 | ---- | M] () -- I:\Documents and Settings\john lane\default.pls
[2011/03/28 12:52:37 | 000,031,520 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\2011 Membership Teacher or Teacher Trainee.pdf
[2011/03/26 04:10:11 | 000,001,274 | ---- | M] () -- I:\WINDOWS\owawiqinoqoyej.dll
[2011/03/26 02:08:17 | 000,001,274 | ---- | M] () -- I:\WINDOWS\ovapiqow.dll
[2011/03/25 07:34:05 | 000,001,274 | ---- | M] () -- I:\WINDOWS\aletedapesanuk.dll
[2011/03/25 07:32:09 | 000,001,274 | ---- | M] () -- I:\WINDOWS\iqepodatod.dll
[2011/03/24 20:02:32 | 000,042,217 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\tumblr_lie295At001qz9qooo1_r1_500.jpg
[2011/03/22 12:39:44 | 000,057,512 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\cant help falling in love.jpg
[2011/03/21 07:21:40 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ozekifen.dll
[2011/03/19 22:04:52 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\IMG_0340.MOV
[2011/03/19 14:04:57 | 002,193,488 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\hawk attack.jpg
[2011/03/19 13:24:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uqifexemexizodul.dll
[2011/03/19 13:22:49 | 000,001,282 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dlld
[2011/03/19 13:22:49 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dll
[2011/03/19 10:10:54 | 000,001,264 | ---- | M] () -- I:\WINDOWS\icoyifeg.dll
[2011/03/19 09:17:46 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oyafawina.dll
[2011/03/18 06:17:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awohilofejinur.dll
[2011/03/18 06:17:02 | 000,001,264 | ---- | M] () -- I:\WINDOWS\akicuzojazi.dll
[2011/03/16 06:55:16 | 000,496,288 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/03/16 06:55:16 | 000,084,646 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/03/16 06:54:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ocozofuqoqiwogij.dll
[2011/03/15 20:18:34 | 000,001,734 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/15 19:26:54 | 000,580,306 | ---- | M] () -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC.pdf
[7 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[4 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
[2 I:\WINDOWS\System32\dllcache\*.tmp files -> I:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/14 09:51:56 | 000,000,102 | RHS- | C] () -- I:\autorun.inf
[2011/04/14 09:49:58 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxejefiqa.dll
[2011/04/14 09:47:54 | 000,001,306 | ---- | C] () -- I:\WINDOWS\imojagiq.dll
[2011/04/13 23:46:50 | 004,320,019 | R--- | C] () -- I:\Documents and Settings\john lane\Desktop\ComboFix.exe
[2011/04/13 23:42:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ehanuver.dll
[2011/04/13 10:50:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\izogepuwidogodo.dll
[2011/04/12 10:49:34 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ipuquxuz.dll
[2011/04/11 21:57:31 | 000,001,264 | ---- | C] () -- I:\WINDOWS\awaqitihumenesan.dll
[2011/04/11 21:08:57 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uyicuvuhoxuq.dll
[2011/04/11 21:01:04 | 000,001,264 | ---- | C] () -- I:\WINDOWS\okuhoxuqux.dll
[2011/04/11 20:14:16 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwiroquq.dll
[2011/04/11 20:09:38 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ababevaxitigokid.dll
[2011/04/11 19:46:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avihaxiqex.dll
[2011/04/11 18:03:24 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ubuwaqiq.dll
[2011/04/11 17:55:01 | 000,001,264 | ---- | C] () -- I:\WINDOWS\obuwaqiqamalanun.dll
[2011/04/11 17:50:18 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uxojehuco.dll
[2011/04/11 17:07:31 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iveteroq.dll
[2011/04/11 16:26:06 | 000,014,180 | -HS- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\5v8d0182f4h5
[2011/04/11 16:26:06 | 000,014,180 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\5v8d0182f4h5
[2011/04/11 16:26:05 | 000,344,064 | -HS- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
[2011/04/07 13:06:19 | 000,001,542 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/07 02:40:52 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uhepasuyaxukow.dll
[2011/04/01 09:54:37 | 000,001,264 | ---- | C] () -- I:\WINDOWS\opucafoj.dll
[2011/03/31 21:42:43 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxucipih.dll
[2011/03/28 12:52:36 | 000,031,520 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\2011 Membership Teacher or Teacher Trainee.pdf
[2011/03/26 04:10:11 | 000,001,274 | ---- | C] () -- I:\WINDOWS\owawiqinoqoyej.dll
[2011/03/26 02:08:17 | 000,001,274 | ---- | C] () -- I:\WINDOWS\ovapiqow.dll
[2011/03/25 07:34:04 | 000,001,274 | ---- | C] () -- I:\WINDOWS\aletedapesanuk.dll
[2011/03/25 07:32:09 | 000,001,274 | ---- | C] () -- I:\WINDOWS\iqepodatod.dll
[2011/03/24 20:02:31 | 000,042,217 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\tumblr_lie295At001qz9qooo1_r1_500.jpg
[2011/03/22 12:40:42 | 000,057,512 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\cant help falling in love.jpg
[2011/03/21 07:21:40 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ozekifen.dll
[2011/03/20 09:52:39 | 023,614,184 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\100_2693.MOV
[2011/03/19 22:04:52 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\IMG_0340.MOV
[2011/03/19 13:59:59 | 002,193,488 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\hawk attack.jpg
[2011/03/19 13:24:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uqifexemexizodul.dll
[2011/03/19 13:22:49 | 000,001,282 | ---- | C] () -- I:\WINDOWS\ikaqesaci.dlld
[2011/03/19 13:22:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ikaqesaci.dll
[2011/03/19 10:10:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\icoyifeg.dll
[2011/03/19 09:17:46 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oyafawina.dll
[2011/03/18 06:17:37 | 000,001,264 | ---- | C] () -- I:\WINDOWS\awohilofejinur.dll
[2011/03/18 06:17:02 | 000,001,264 | ---- | C] () -- I:\WINDOWS\akicuzojazi.dll
[2011/03/16 06:54:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ocozofuqoqiwogij.dll
[2011/03/15 20:18:34 | 000,001,804 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/15 20:18:34 | 000,001,734 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/15 19:26:45 | 000,580,306 | ---- | C] () -- I:\Documents and Settings\john lane\Desktop\ARTISTIQUE MUSIC.pdf
[2011/03/11 08:45:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\owuhimuhabuc.dll
[2011/03/10 16:59:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iyixuqot.dll
[2011/03/10 08:20:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ibenakoh.dll
[2011/03/08 09:12:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\irafupeyeguwivi.dll
[2011/03/07 15:43:32 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uqadajak.dll
[2011/03/07 15:18:19 | 000,001,264 | ---- | C] () -- I:\WINDOWS\orutigihagon.dll
[2011/03/07 13:16:20 | 000,001,264 | ---- | C] () -- I:\WINDOWS\usojasuq.dll
[2011/03/07 11:15:27 | 000,001,264 | ---- | C] () -- I:\WINDOWS\egepaguheyek.dll
[2011/03/03 17:53:25 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avipuzimocinex.dll
[2011/03/03 17:51:55 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ohiriyiji.dll
[2011/02/19 20:32:03 | 000,001,264 | ---- | C] () -- I:\WINDOWS\umuveruq.dll
[2011/02/19 10:23:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwepukogibux.dll
[2011/02/19 05:56:51 | 000,001,264 | ---- | C] () -- I:\WINDOWS\odibugojud.dll
[2011/02/19 03:54:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\utahogeh.dll
[2011/02/19 01:52:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\elarotan.dll
[2011/02/18 23:51:14 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ulezaxijo.dll
[2011/02/09 15:19:28 | 000,001,264 | ---- | C] () -- I:\WINDOWS\asucihic.dll
[2011/02/08 23:37:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukicuzoj.dll
[2011/02/07 23:31:26 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ojuperamiya.dll
[2011/02/05 10:27:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\obexuguj.dll
[2011/02/03 13:49:59 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ebofupey.dll
[2011/02/03 11:48:18 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ivozidij.dll
[2011/02/03 11:35:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxowayewecigit.dll
[2011/02/03 11:29:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ozexekoc.dll
[2011/02/02 22:44:13 | 000,090,336 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2011/01/31 16:18:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukezejoher.dll
[2011/01/28 11:16:49 | 000,001,267 | ---- | C] () -- I:\WINDOWS\Uyuzitivumeja.dat
[2011/01/28 11:16:49 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Vnasuqeruzonahu.bin
[2011/01/19 19:07:44 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2011/01/15 09:08:47 | 001,276,818 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-152049171-839522115-1004-0.dat
[2011/01/15 09:08:47 | 000,444,030 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/25 04:03:02 | 000,000,127 | ---- | C] () -- I:\WINDOWS\System32\MRT.INI
[2010/11/06 12:47:30 | 000,000,606 | ---- | C] () -- I:\Documents and Settings\john lane\Application Data\AutoGK.ini
[2010/07/13 06:30:47 | 000,000,030 | ---- | C] () -- I:\WINDOWS\Iedit_.INI
[2010/03/04 13:39:15 | 000,003,704 | RHS- | C] () -- I:\WINDOWS\FS6519.dll.vbs
[2009/09/13 12:30:51 | 000,000,120 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- I:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 13:07:21 | 000,012,150 | ---- | C] () -- I:\WINDOWS\hpdj5100.ini
[2009/04/02 10:25:03 | 000,005,180 | ---- | C] () -- I:\WINDOWS\System32\uacinit.dll
[2009/04/02 10:24:15 | 000,000,127 | ---- | C] () -- I:\WINDOWS\System32\UACpfqqhxid.dat
[2009/03/06 20:18:05 | 002,463,976 | ---- | C] () -- I:\WINDOWS\System32\NPSWF32.dll
[2009/02/10 10:35:39 | 000,002,528 | ---- | C] () -- I:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/02/09 21:19:44 | 000,002,528 | ---- | C] () -- I:\Documents and Settings\john lane\Application Data\$_hpcst$.hpc
[2009/01/31 10:40:20 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\HAL
[2009/01/31 10:40:20 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Graphics
[2009/01/31 10:40:20 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/01/31 10:40:18 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Halftone
[2009/01/31 10:40:18 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Guides
[2009/01/29 20:00:19 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/01/29 19:54:35 | 000,000,368 | ---- | C] () -- I:\WINDOWS\ViewNX.INI
[2009/01/29 19:38:39 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Cocoa
[2009/01/29 19:38:39 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Classic Thick
[2009/01/29 19:38:39 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/01/29 19:35:50 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Clean Electric Guitar
[2009/01/29 19:35:50 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\john lane\Application Data\Chiller
[2009/01/29 19:35:50 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2008/12/26 17:16:21 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 19:52:22 | 000,000,520 | ---- | C] () -- I:\WINDOWS\netdet.ini
[2008/11/29 17:41:50 | 000,118,784 | ---- | C] () -- I:\WINDOWS\dsdxirmv.exe
[2008/06/21 11:43:25 | 000,000,151 | ---- | C] () -- I:\WINDOWS\PhotoSnapViewer.INI
[2008/06/20 21:01:34 | 000,139,264 | ---- | C] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/16 17:10:59 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2008/06/16 16:56:29 | 000,000,000 | ---- | C] () -- I:\WINDOWS\lgfwup.ini
[2008/06/14 17:36:44 | 000,000,000 | ---- | C] () -- I:\WINDOWS\mtstack.INI
[2008/06/14 08:20:59 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2008/06/13 21:44:11 | 000,049,152 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2008/06/13 21:31:32 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2008/06/13 21:28:13 | 000,022,720 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2008/06/13 14:17:03 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2008/06/13 14:16:06 | 003,877,672 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/24 04:52:00 | 001,703,936 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/24 04:52:00 | 001,482,752 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2008/03/24 04:52:00 | 001,339,392 | ---- | C] () -- I:\WINDOWS\System32\nvdspsch.exe
[2008/03/24 04:52:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2008/03/24 04:52:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2008/03/24 04:52:00 | 000,442,368 | ---- | C] () -- I:\WINDOWS\System32\nvappbar.exe
[2008/03/24 04:52:00 | 000,425,984 | ---- | C] () -- I:\WINDOWS\System32\keystone.exe
[2008/03/24 04:52:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/27 05:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2007/07/27 05:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2007/07/27 05:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2007/07/27 05:00:00 | 000,229,376 | ---- | C] () -- I:\WINDOWS\ahogiqinicim.dll
[2007/07/27 05:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2007/07/27 05:00:00 | 000,094,208 | ---- | C] () -- I:\WINDOWS\wpwmdi.dll
[2007/07/27 05:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2007/07/27 05:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2007/07/27 05:00:00 | 000,027,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\secdrv.sys
[2007/07/27 05:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2007/07/27 05:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2007/07/27 05:00:00 | 000,001,788 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,496,288 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,084,646 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/14 10:15:17 | 000,000,102 | RHS- | M] () -- I:\autorun.inf
[2008/06/13 14:15:00 | 000,000,210 | -HS- | M] () -- I:\BOOT.BAK
[2008/07/15 04:22:01 | 000,000,210 | -HS- | M] () -- I:\boot.ini
[2008/06/13 21:46:12 | 000,000,197 | ---- | M] () -- I:\csb.log
[2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\FS6519.dll.vbs
[2007/07/27 05:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2007/07/27 05:00:00 | 000,250,032 | RHS- | M] () -- I:\ntldr
[2011/04/14 09:44:33 | 2145,386,496 | -HS- | M] () -- I:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/15 11:33:43 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/15 04:22:01 | 000,262,144 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2008/07/15 11:15:48 | 000,262,144 | ---- | M] () -- I:\WINDOWS\system32\config\security.sav
[2008/07/15 04:22:01 | 024,641,536 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2008/07/15 04:22:02 | 004,980,736 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/07/27 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- I:\WINDOWS\system32\user32.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2007/07/27 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- I:\WINDOWS\system32\ws2_32.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2007/07/27 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- I:\WINDOWS\system32\ws2help.dll
[4 I:\WINDOWS\system32\*.tmp files -> I:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-10 11:02:45

========== Files - Unicode (All) ==========
[2010/12/30 22:56:28 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
[2010/12/30 22:56:28 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
[2010/11/07 17:48:20 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼
[2010/11/07 17:48:20 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#6
ZivaDappa

OTL Extras logfile created on: 4/14/2011 10:13:38 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = L:\VI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 931.51 Gb Total Space | 740.38 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive I: | 465.75 Gb Total Space | 142.01 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 64.76 Gb Free Space | 21.73% Space Free | Partition Type: NTFS

Computer Name: BLACKGATEJOHN | User Name: john lane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe ()
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- I:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Nexon\Combat Arms\CombatArms.exe" = I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"I:\Nexon\Combat Arms\Engine.exe" = I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Installation\Setupx.exe" = H:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"I:\Program Files\GIGABYTE\GEST\run.exe" = I:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update -- ()
"I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"I:\Nexon\Combat Arms\CombatArms.exe" = I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"I:\Nexon\Combat Arms\Engine.exe" = I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"I:\WINDOWS\explorer.exe" = I:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"I:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Disabled:Age of Empires III -- (Ensemble Studios)
"I:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Disabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"I:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = I:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"I:\Program Files\AVG\AVG9\avgam.exe" = I:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe
"I:\Program Files\AVG\AVG9\avgdiagex.exe" = I:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe
"I:\Program Files\AVG\AVG9\avgupd.exe" = I:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"I:\Program Files\AVG\AVG9\avgnsx.exe" = I:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"I:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = I:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A3210EE-7494-4879-9270-A721ED7F9947}" = Gamer HUD
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Alpha ASIO driver" = Lexicon Alpha ASIO (remove only)
"AMA" = AutoCAD 2000 Migration Assistance
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.21
"Ashampoo Photo Optimizer 3_is1" = Ashampoo Photo Optimizer 3.11
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Cakewalk Pyro 1.5" = Cakewalk Pyro 1.5
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"conduitEngine" = Conduit Engine
"DAO 3.5" = DAO 3.5
"DreamStation DXi2" = DreamStation DXi2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Facebook Chat_is1" = Facebook Chat
"Google Updater" = Google Updater
"Home Studio 2004" = Home Studio 2004
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"Project5 Trial" = Project5 Trial
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VCarve Pro" = VCarve Pro 5.5
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"790a8a4cad536f51" = Fishbowl 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2011 7:54:08 PM | Computer Name = BLACKGATEJOHN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 3/28/2011 11:13:27 PM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 3/28/2011 11:14:49 PM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.1.2.17, faulting module
d3d9.dll, version 5.3.2600.2180, fault address 0x000a75ae.

Error - 3/28/2011 11:39:29 PM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 3/29/2011 12:15:48 AM | Computer Name = BLACKGATEJOHN | Source = Age of Empires 3 | ID = 1000
Description =

Error - 4/1/2011 12:37:40 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ahogiqinicim.dll, version 0.0.0.0, fault address 0x0002202b.

Error - 4/1/2011 12:37:57 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/1/2011 2:57:44 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 8.0.6001.18923, fault address 0x000797fd.

Error - 4/1/2011 9:56:33 AM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/1/2011 12:54:34 PM | Computer Name = BLACKGATEJOHN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ahogiqinicim.dll, version 0.0.0.0, fault address 0x0002202b.

[ System Events ]
Error - 4/14/2011 2:40:48 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 4/14/2011 2:45:14 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/14/2011 3:02:39 AM | Computer Name = BLACKGATEJOHN | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -60966 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|116.199.233.142:123->207.46.232.182:123) is
working properly.

Error - 4/14/2011 3:08:03 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 3:08:08 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 3:08:10 AM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2011 12:40:44 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/14/2011 12:41:15 PM | Computer Name = BLACKGATEJOHN | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\D.

Error - 4/14/2011 12:45:29 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 4/14/2011 12:50:00 PM | Computer Name = BLACKGATEJOHN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#7
ZivaDappa

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-14 14:37:13
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: I:\DOCUME~1\JOHNLA~1\LOCALS~1\Temp\kwroyaoc.sys


---- System - GMER 1.0.15 ----

INT 0x35 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDC2
INT 0x36 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDCC
INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3864
INT 0x38 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDE0
INT 0x39 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDEA
INT 0x3A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDF4
INT 0x3B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDFE
INT 0x3C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE08
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4E2C
INT 0x3E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE1C
INT 0x3F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE26
INT 0x40 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE30
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4C88
INT 0x42 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE44
INT 0x43 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE4E
INT 0x44 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE58
INT 0x45 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE62
INT 0x46 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE6C
INT 0x47 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE76
INT 0x48 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE80
INT 0x49 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE8A
INT 0x4A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE94
INT 0x4B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE9E
INT 0x4C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEA8
INT 0x4D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEB2
INT 0x4E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEBC
INT 0x4F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEC6
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E393C
INT 0x51 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEDA
INT 0x52 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEE4
INT 0x53 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEEE
INT 0x54 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEF8
INT 0x55 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF02
INT 0x56 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF0C
INT 0x57 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF16
INT 0x58 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF20
INT 0x59 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF2A
INT 0x5A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF34
INT 0x5B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF3E
INT 0x5C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF48
INT 0x5D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF52
INT 0x5E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF5C
INT 0x5F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF66
INT 0x60 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF70
INT 0x61 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF7A
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
INT 0x63 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) BA0BE1C6
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0x63 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) BA0BE1C6
INT 0x64 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF98
INT 0x65 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFA2
INT 0x66 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFAC
INT 0x67 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFB6
INT 0x68 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFC0
INT 0x69 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFCA
INT 0x6A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFD4
INT 0x6B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFDE
INT 0x6C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFE8
INT 0x6D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFF2
INT 0x6E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFFC
INT 0x6F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540006
INT 0x70 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540010
INT 0x71 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054001A
INT 0x72 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540024
INT 0x73 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9DF6E80
INT 0x74 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540038
INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540042
INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054004C
INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540056
INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540060
INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054006A
INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540074
INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054007E
INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540088
INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540092
INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054009C
INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400A6
INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400B0
INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400BA
INT 0x82 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
INT 0x83 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B9EF5DA8
INT 0x83 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B9252B78
INT 0x83 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0x83 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B9EF5DA8
INT 0x84 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400E2
INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400EC
INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400F6
INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540100
INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054010A
INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540114
INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054011E
INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540128
INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540132
INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054013C
INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540146
INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540150
INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054015A
INT 0x92 \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) BA228A30
INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA238495
INT 0x94 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) B920BBD8
INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540182
INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054018C
INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540196
INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401A0
INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401AA
INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401B4
INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401BE
INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401C8
INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401D2
INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401DC
INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401E6
INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401F0
INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401FA
INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540204
INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA23FD80
INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540222
INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054022C
INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540236
INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540240
INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054024A
INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540254
INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054025E
INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540268
INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540272
INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054027C
INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540286
INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540290
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) B9F8431E
INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402A4
INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402AE
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9248BCA
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402C2
INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402CC
INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402D6
INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402E0
INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402EA
INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402F4
INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402FE
INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540308
INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540312
INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054031C
INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540326
INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540330
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3AC0
INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540344
INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054034E
INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540358
INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540362
INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054036C
INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540376
INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540380
INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054038A
INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540394
INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054039E
INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403A8
INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403B2
INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403BC
INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403C6
INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403D0
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E32A0
INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403E4
INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403EE
INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805403F8
INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540402
INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054040C
INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540416
INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540420
INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054042A
INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540434
INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054043E
INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540448
INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540452
INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054045C
INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540466
INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540470
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4048
INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540484
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3DAC
INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540498
INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404A2
INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404AC
INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404B6
INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404C0
INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404CA
INT 0xEA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404D4
INT 0xEB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404DE
INT 0xEC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404E8
INT 0xED \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404F2
INT 0xEE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805404F9
INT 0xEF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540500
INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540507
INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054050E
INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540515
INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054051C
INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540523
INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054052A
INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540531
INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540538
INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054053F
INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540546
INT 0xFA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054054D
INT 0xFB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540554
INT 0xFC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054055B
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E45A8
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4748
INT 0xFF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540570

SYSENTER \WINDOWS\system32\ntkrnlpa.exe 805407A0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + C72 8054099A 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 2BE 80544F0E 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntkrnlpa.exe!KiDispatchInterrupt + 2D6 80544F26 1 Byte [00]
.text ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal 80545914 1 Byte [90]
.text hal.dll!HalBeginSystemInterrupt + 996 806E58FE 5 Bytes [A0, 6E, 80, 02, 03] {MOV AL, [0x302806e]}
.text hal.dll!HalBeginSystemInterrupt + 99E 806E5906 4 Bytes [24, A7, 06, 32]
.text hal.dll!HalBeginSystemInterrupt + 9A4 806E590C 1 Byte [04]
.text hal.dll!HalBeginSystemInterrupt + 9A4 806E590C 11 Bytes [04, 00, 24, 41, 06, 32, EC, ...]
.text hal.dll!HalBeginSystemInterrupt + 9B0 806E5918 15 Bytes [04, A0, 02, 32, E1, 05, 99, ...] {ADD AL, 0xa0; ADD DH, [EDX]; LOOPZ 0xb; CDQ ; ADC EAX, [EAX+EAX*4]; JMP 0x16; OR SS:[EBX], EAX}
.text ...
.text nv4_mini.sys B95CB2C0 427 Bytes [8B, 44, 24, 08, 83, F8, 05, ...]
.text nv4_mini.sys B95CB46C 132 Bytes [0F, 0F, B6, 4C, 24, 0C, 88, ...]
.text nv4_mini.sys B95CB4F4 9 Bytes [5E, 3B, C3, 5B, 74, 0D, 66, ...]
.text nv4_mini.sys B95CB501 8 Bytes [83, C4, 0C, C2, 14, 00, 66, ...]
.text nv4_mini.sys B95CB50D 11 Bytes [66, 3D, 00, 01, 74, 09, 0F, ...]
.text ...
.text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9265360, 0x37192D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? I:\WINDOWS\system32\RUNDLL32.EXE[504] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\WINDOWS\System32\WScript.exe[512] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[524] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] ole32.dll!OleLoadFromStream 77518C62 5 Bytes JMP 30F8F621 I:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] OLEAUT32.DLL!SysFreeString 77124850 5 Bytes JMP 30CD1EC2 I:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] OLEAUT32.DLL!VariantClear 771248C0 5 Bytes JMP 30CD470D I:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] OLEAUT32.DLL!SysAllocStringByteLen 77124C55 5 Bytes JMP 30CD489B I:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] OLEAUT32.DLL!VariantChangeType 771266D9 5 Bytes JMP 30CE8CF4 I:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
? I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] pkmws.dll!CreateSemaphoreW + 1 4997B150 4 Bytes JMP 7C810097 I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] pkmws.dll!GetModuleFileNameW + 1 4997B1BE 4 Bytes JMP 7C80B3E6 I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[600] pkmws.dll!GetModuleHandleW + 1 4997B1C3 4 Bytes JMP 7C80E44E I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
? I:\Program Files\iTunes\iTunesHelper.exe[1020] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1044] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
.text I:\Program Files\Windows Live\Messenger\msnmsgr.exe[1172] I:\Program Files\Windows Live\Messenger\msnmsgr.exe section is writeable [0x00401000, 0x2F9324, 0xE0000020]
? I:\Program Files\Windows Live\Messenger\msnmsgr.exe[1172] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\WINDOWS\system32\ctfmon.exe[1296] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\WINDOWS\system32\rundll32.exe[1544] I:\WINDOWS\wpwmdi.dll number of sections mismatch;
? I:\WINDOWS\system32\rundll32.exe[1544] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\WINDOWS\explorer.exe[1800] I:\WINDOWS\wpwmdi.dll number of sections mismatch;
? I:\WINDOWS\explorer.exe[1800] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2064] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Logitech\SetPoint\SetPoint.exe[2080] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2172] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2528] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
? I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe[3288] IMAGE_DOS_SIGNATURE not found;
? I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe[3288] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL
UPX1 I:\Documents and Settings\john lane\Desktop\gmer.exe[4016] I:\Documents and Settings\john lane\Desktop\gmer.exe entry point in "UPX1" section [0x004B8F10]
? I:\Documents and Settings\john lane\Desktop\gmer.exe[4016] I:\WINDOWS\ahogiqinicim.dll image checksum mismatch; unknown module: OLEAUT32.dllunknown module: IEPlugin.DLL

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\InCDfs \InCDFsDisk InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \InCDFsDisk InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \InCDFsDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Driver\PnpManager \Device\00000033 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000033 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000026
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000034 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000034 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000027
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000035 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000035 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Fips \Device\Fips Fips.SYS (FIPS Crypto Driver/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000028
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WudfPf \Device\ProcessManagement WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Device\Video1
Device \Device\{B6D68985-DCB1-4449-AE4A-7A370AE8D3DB}
Device \Driver\ACPI \Device\00000042 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000036
Device \Device\00000029
Device \Driver\NIC1394 \Device\{10314903-7AD5-4EC2-96BB-D670E0890DBE} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Device\Video2
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\KeyboardClass2
Device \Driver\GearAspiSys \Device\GEARAspiSysDevice gearaspisys.sys (GEARAspi Filter Driver/GEAR Software)
Device \Driver\GearAspiSys \Device\GEARAspiSysDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 serial.sys (Serial Device Driver/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\RdpDrDvMgr
Device \Driver\ACPI \Device\00000050 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000043
Device \Device\00000037
Device \Device\0000000a
Device \Device\Video3
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Processor
Device \Device\00000051
Device \Device\00000044
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmIoDaemon dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmIoDaemon ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmConfig dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmConfig ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmPnP dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmPnP ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmInfo dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmInfo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\i
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000039 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000039 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000060 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000054 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000061 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Driver\L8042mou \Device\L8042mou L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech Inc.)
Device \Driver\L8042mou \Device\L8042mou ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000055 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000048 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\InCDPass \Device\INCD_PSEUDO_DEVICE InCDPass.sys (Ahead RW Filter Driver/Nero AG)
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{A28E31F4-F8A7-4CD2-B251-EFEB7551B582} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{A28E31F4-F8A7-4CD2-B251-EFEB7551B582} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Parport \Device\ParallelPort0 parport.sys (Parallel Port Driver/Microsoft Corporation)
Device \Driver\Parport \Device\ParallelPort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000062 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\isapnp \Device\00000056 isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\00000056 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000049 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-6 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000070 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000070 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RTLE8023xp \Device\{A28E31F4-F8A7-4CD2-B251-EFEB7551B582} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\00000064 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\00000064 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\usbehci \Device\USBPDO-7 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0012 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0012 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000071 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000071 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{59EAB372-2298-4C0F-A874-8B047C5BAA1A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-8 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-8 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000065 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-9 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-9 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000066 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000080 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000080 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000074 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000074 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{AED4310E-09D2-4AA7-98B2-5517DF1082DB} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0021 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0021 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000067 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0022 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0022 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000081 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000081 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-10 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-10 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000075 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000075 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PxHelp20 \Device\PxHelperDevice0 PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)
Device \Driver\ACPI \Device\00000068 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000082 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000082 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-11 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-11 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000076 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000076 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{95BA6EFA-6903-4673-A040-0FA6914BA0E9} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000083 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000083 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000077 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000077 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#0000000c swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#0000000c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000084 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000084 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\InCDfs \Device\InCDfsComm InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \Device\InCDfsComm InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \Device\InCDfsComm ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000078 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000078 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Arp1394 \Device\ARP1394 arp1394.sys (IP/1394 Arp Client/Microsoft Corporation)
Device \Driver\Arp1394 \Device\ARP1394 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000085 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000085 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbstor \Device\00000079 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000079 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\incdrm \Device\MrwR00000000 incdrm.SYS (Nero MRW Filter Driver/Nero AG)
Device \Driver\ACPI \Device\0000004c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbstor \Device\00000086 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000086 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\incdrm \Device\MrwR00000001 incdrm.SYS (Nero MRW Filter Driver/Nero AG)
Device \Driver\ACPI \Device\0000004d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbstor \Device\00000087 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000087 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbstor \Device\00000088 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000088 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \Driver\RTLE8023xp \Device\RealTekCard NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000089 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\00000089 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x74701a8200+1
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Device\Harddisk1\DP(1)0x7e00-0xe8e0b38200+3
Device \Driver\Disk \Device\Harddisk1\DR2 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk1\DR2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AsyncMac \Device\ASYNCMAC NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk2\DR4 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk2\DR4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{7A179140-C741-4D8D-80FE-688C421F785A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+a CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk3\DR5 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk3\DR5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\kwroyaoc \Device\kwroyaoc kwroyaoc.sys
Device \Driver\kwroyaoc \Device\kwroyaoc ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ptilink \Device\ParTechInc0 ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)
Device \Driver\Ptilink \Device\ParTechInc0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+b CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk4\DR6 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk4\DR6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000006e usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000006e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmload \Device\DmLoader dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.)
Device \Driver\dmload \Device\DmLoader ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk5\DP(1)0-0+c CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk5\DP(1)0-0+c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk5\DR7 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk5\DR7 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000006f usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000006f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbstor \Device\0000007d USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\0000007d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk6\DR8 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk6\DR8 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk6\DP(1)0x7e00-0x4a85ad0400+d
Device \Driver\usbuhci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\InCDPass \Device\INCDPASS_REAL_DEVICE00000001 InCDPass.sys (Ahead RW Filter Driver/Nero AG)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008a USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-5 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\InCDPass \Device\INCDPASS_REAL_DEVICE00000002 InCDPass.sys (Ahead RW Filter Driver/Nero AG)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008b USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AsyncMac \Device\{047BACCE-C877-4C32-80E4-D325EE0C0A26} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-6 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008c USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\usbstor \Device\0000008c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000030 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000030 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-7 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-7 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\JRAID \Device\Scsi\JRAID1 SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation)
Device \Driver\JRAID \Device\Scsi\JRAID1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\JRAID \Device\Scsi\JRAID1 jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.)
Device \Driver\LMouKE \Device\lmouke LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech Inc.)
Device \Driver\LMouKE \Device\lmouke ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\y
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\InCDfs \GLOBAL??\BsUDF InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \GLOBAL??\BsUDF InCDfs.SYS (InCD File System Driver/Nero AG)
Device \FileSystem\InCDfs \GLOBAL??\BsUDF ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806E2000 (2142208 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E2000-80702D00 (134400 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) BA5A8000-BA5AA000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) BA4B8000-BA4BB000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) B9F79000-B9FA7000 (188416 bytes)
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) BA5AA000-BA5AC000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) B9F68000-B9F79000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) BA0A8000-BA0B1000 (36864 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) BA0B8000-BA0C7000 (61440 bytes)
Module \WINDOWS\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) BA0C8000-BA0D5000 (53248 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) BA670000-BA671000 (4096 bytes)
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) BA328000-BA32F000 (28672 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) BA0D8000-BA0E3000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) B9F49000-B9F68000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) BA5AC000-BA5AE000 (8192 bytes)
Module dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) B9F23000-B9F49000 (155648 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) BA330000-BA335000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) BA0E8000-BA0F5000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F0B000-B9F23000 (98304 bytes)
Module jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.) BA0F8000-BA108000 (65536 bytes)
Module \WINDOWS\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B9EF3000-B9F0B000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) BA108000-BA111000 (36864 bytes)
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) BA118000-BA125000 (53248 bytes)
Module fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) B9ED4000-B9EF3000 (126976 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) B9EC2000-B9ED4000 (73728 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) BA128000-BA132000 (40960 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) B9EAB000-B9EC2000 (94208 bytes)
Module WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) B9E98000-B9EAB000 (77824 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) B9E0B000-B9E98000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9DDE000-B9E0B000 (184320 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) B9DC3000-B9DDE000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) BA208000-BA211000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 174.74 /NVIDIA Corporation) B9265000-B98A4000 (6549504 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B9251000-B9265000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) BA490000-BA495000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B922E000-B9251000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) BA498000-BA49F000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) B9209000-B922E000 (151552 bytes)
Module \SystemRoot\system32\DRIVERS\Rtenicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) B91EF000-B9209000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) BA218000-BA228000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) BA228000-BA238000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) B9B54000-B9B58000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) B91DB000-B91EF000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA238000-BA245000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech Inc.) BA248000-BA256000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech Inc.) B91C9000-B91DB000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) BA4A0000-BA4A6000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech Inc.) B9B50000-B9B54000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) BA4A8000-BA4AE000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) BA258000-BA263000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) BA268000-BA278000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) BA278000-BA287000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) B91A6000-B91C9000 (143360 bytes)
Module \SystemRoot\System32\DRIVERS\InCDPass.sys (Ahead RW Filter Driver/Nero AG) BA4B0000-BA4B8000 (32768 bytes)
Module \SystemRoot\System32\Drivers\incdrm.SYS (Nero MRW Filter Driver/Nero AG) BA288000-BA291000 (36864 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) BA350000-BA356000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) BA753000-BA754000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) BA298000-BA2A5000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) B9B3C000-B9B3F000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) B918F000-B91A6000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) BA2A8000-BA2B3000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) BA2B8000-BA2C4000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) BA388000-BA38D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) B917E000-B918F000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) BA2C8000-BA2D1000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BA390000-BA395000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) BA398000-BA39D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) B914D000-B917E000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) BA2D8000-BA2E2000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) BA5DC000-BA5DE000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B9119000-B914D000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) B98B0000-B98B4000 (16384 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) BA2E8000-BA2F2000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) BA308000-BA317000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) BA5DE000-BA5E0000 (8192 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) B679F000-B6C3E000 (4845568 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) B677B000-B679F000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) BA318000-BA327000 (61440 bytes)
Module \SystemRoot\System32\drivers\gearaspisys.sys (GEARAspi Filter Driver/GEAR Software) BA3B8000-BA3BE000 (24576 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) BA5E2000-BA5E4000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) BA791000-BA792000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) BA5E4000-BA5E6000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) BA3C0000-BA3C7000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) BA3C8000-BA3CE000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) BA5E6000-BA5E8000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) BA5E8000-BA5EA000 (8192 bytes)
Module \SystemRoot\System32\Drivers\InCDrec.SYS (InCD File System Recognizer/Nero AG) B9D8B000-B9D8E000 (12288 bytes)
Module \SystemRoot\System32\Drivers\InCDfs.SYS (InCD File System Driver/Nero AG) B66EF000-B670B000 (114688 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) BA3D0000-BA3D5000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) BA3D8000-BA3E0000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) B9D87000-B9D8A000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) B66DC000-B66EF000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) B6684000-B66DC000 (360448 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) B665C000-B6684000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) BA158000-BA161000 (36864 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) B663A000-B665C000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) B9A3B000-B9A4A000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) B9A2B000-B9A34000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) B656E000-B659A000 (180224 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) B64FF000-B656E000 (454656 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) B9A1B000-B9A24000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) B99FB000-B9A0B000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) BA3E8000-BA3F0000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) BA3F8000-BA3FF000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) B8D4E000-B8D51000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) B99DB000-B99E4000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\kbdhid.sys (HID Mouse Filter Driver/Microsoft Corporation) B8D4A000-B8D4E000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) B8D46000-B8D49000 (12288 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys B64BF000-B64D7000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS BA5F8000-BA5FA000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B676F000-B6772000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) BA400000-BA405000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF000000-BF012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) BA751000-BA752000 (4096 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 174.74 /NVIDIA Corporation) BF012000-BF5C5000 (5976064 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) B5F4A000-B5F77000 (184320 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) BA646000-BA648000 (8192 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) B5E45000-B5E5A000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B60E7000-B60F6000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) B5ACF000-B5B26000 (356352 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) B55DE000-B561F000 (266240 bytes)
Module \SystemRoot\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) B4913000-B4917000 (16384 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) B3E17000-B3E41000 (172032 bytes)
Module \??\I:\DOCUME~1\JOHNLA~1\LOCALS~1\Temp\kwroyaoc.sys (GMER) B3DFE000-B3E17000 (102400 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process I:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 174.74/NVIDIA Corporation) 180
Library I:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 174.74/NVIDIA Corporation) 0x00400000
Library I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library I:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x77D40000
Library I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library I:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library I:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library I:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library I:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library I:\WINDOWS\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library I:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library I:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library I:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library I:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library I:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library I:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library I:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library I:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library I:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library I:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 174.74 /NVIDIA Corporation) 0x007E0000
Library I:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library I:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library I:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library I:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library I:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library I:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library I:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library I:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library I:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library I:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library I:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library I:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library I:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library I:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library I:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library I:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library I:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000

Process I:\Program Files\CyberLink\Shared Files\RichVideo.exe 220
Library I:\Program Files\CyberLink\Shared Files\RichVideo.exe 0x00400000
Library I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library I:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x77D40000
Library I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library I:\WINDOWS\system32\MSVCRT.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library I:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library I:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library I:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library I:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library I:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library I:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library I:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library I:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library I:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library I:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library I:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library I:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library I:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library I:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000

Process I:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 296
Library I:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library I:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library I:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library I:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library I:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library I:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x77D40000
Library I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library I:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library I:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library I:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library I:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library I:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library I:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library I:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library I:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library I:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library I:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library I:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library I:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library i:\windows\system32\wiaservc.dll (Still Image Devices Service/Microsoft Corporation) 0x75AA0000
Library i:\windows\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AE0000
Library i:\windows\system32\setupapi.DLL (Windows Setup API/Microsoft Corporation) 0x77920000
Library i:\windows\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73B30000
Library i:\windows\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library i:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library i:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library I:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library I:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library I:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library I:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library I:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library I:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library I:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library I:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71D40000
Library I:\WINDOWS\system32\sti.dll (Still Image Devices client DLL /Microsoft Corporation) 0x73BA0000

Process I:\WINDOWS\system32\RUNDLL32.EXE (Run a DLL as an App/Microsoft Corporation) 504
Library I:\WINDOWS\system32\RUNDLL32.EXE (Run a DLL as an App/Microsoft Corporation) 0x01000000
Library I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library I:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library I:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x77D40000
Library I:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library I:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library I:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library I:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library I:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library I:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library I:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library I:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library I:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library I:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library I:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library I:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library I:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library I:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library I:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000

#8
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2007/07/27 05:00:00 | 000,229,376 | ---- | M] () -- I:\WINDOWS\ahogiqinicim.dll
    IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - I:\Program Files\MyAshampoo\prxtbMyA2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [FS6519] I:\WINDOWS\FS6519.dll.vbs ()
    O4 - HKLM..\Run: [Mriwerujomura] I:\WINDOWS\ahogiqinicim.dll ()
    O4 - HKCU..\Run: [Kvokacupodovuje] I:\WINDOWS\wpwmdi.dll ()
    O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
    O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/04/14 10:11:57 | 000,000,102 | RHS- | M] () - L:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
    O33 - MountPoints2\{17a91d5c-3619-11e0-ad5c-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
    O33 - MountPoints2\{2b921eec-674b-11dd-a61d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{2c5db67a-793c-11de-a966-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{58a8a9da-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\AutoRun\command - "" = DCT\J\Mip.exe
    O33 - MountPoints2\{58a8a9e8-e732-11dd-a6cb-001d7d08ea57}\Shell\open\command - "" = DCT\J\Mip.exe
    O33 - MountPoints2\{5bd1a498-665f-11dd-a61c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{65958066-b307-11df-ac1b-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
    O33 - MountPoints2\{7785f758-1228-11e0-ad0e-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
    O33 - MountPoints2\{88d2d412-e116-11dd-a6be-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{8fc51631-508a-11dd-af5f-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{9e40df9a-b412-11de-aa35-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
    O33 - MountPoints2\{a3939e36-fb26-11df-ace2-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
    O33 - MountPoints2\{a4dd5388-07b2-11e0-acf8-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{a6eda2d4-3fc1-11dd-af44-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{acb91c5e-6198-11dd-a618-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\AutoRun\command - "" = L:\DCT\J\Mip.exe
    O33 - MountPoints2\{b47c2262-3245-11e0-ad4d-001d7d08ea57}\Shell\open\command - "" = L:\DCT\J\Mip.exe
    O33 - MountPoints2\{b5eb3e68-9895-11dd-a65c-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{bfaf393a-5089-11dd-af5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\AutoRun\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\open\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{c4e2b925-e2bb-11dd-a6c3-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{c715b124-ee74-11dd-a6da-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{c9f41ba8-3c26-11dd-af3d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{cdcbfae5-8522-11dd-a63d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{d30715e2-c2ad-11de-aa5d-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{f639bc3a-e9d6-11df-acb0-001d7d08ea57}\Shell\AutoRun\command - "" = I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
    O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\AutoRun\command - "" = K:\DCT\J\Mip.exe
    O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
    O35 - HKCU\..exefile [open] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe" -a "%1" %* ()
    ActiveX: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
    ActiveX: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    [2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\WINDOWS\FS6519.dll.vbs
    [2011/04/14 10:15:17 | 000,003,704 | RHS- | M] () -- I:\FS6519.dll.vbs
    [2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\5v8d0182f4h5
    [2011/04/14 09:56:32 | 000,014,180 | -HS- | M] () -- I:\Documents and Settings\All Users\Application Data\5v8d0182f4h5
    [2011/04/14 09:49:58 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxejefiqa.dll
    [2011/04/14 09:47:54 | 000,001,306 | ---- | M] () -- I:\WINDOWS\imojagiq.dll
    [2011/04/13 23:42:07 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ehanuver.dll
    [2011/04/13 10:50:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\izogepuwidogodo.dll
    [2011/04/12 10:49:34 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ipuquxuz.dll
    [2011/04/11 21:57:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awaqitihumenesan.dll
    [2011/04/11 21:08:57 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uyicuvuhoxuq.dll
    [2011/04/11 21:01:05 | 000,001,264 | ---- | M] () -- I:\WINDOWS\okuhoxuqux.dll
    [2011/04/11 20:14:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iwiroquq.dll
    [2011/04/11 20:09:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ababevaxitigokid.dll
    [2011/04/11 20:09:33 | 000,001,267 | ---- | M] () -- I:\WINDOWS\Uyuzitivumeja.dat
    [2011/04/11 19:46:22 | 000,001,264 | ---- | M] () -- I:\WINDOWS\avihaxiqex.dll
    [2011/04/11 18:03:24 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ubuwaqiq.dll
    [2011/04/11 17:55:01 | 000,001,264 | ---- | M] () -- I:\WINDOWS\obuwaqiqamalanun.dll
    [2011/04/11 17:50:18 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uxojehuco.dll
    [2011/04/11 17:07:31 | 000,001,264 | ---- | M] () -- I:\WINDOWS\iveteroq.dll
    [2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
    [2011/04/11 11:08:01 | 000,000,000 | ---- | M] () -- I:\WINDOWS\Vnasuqeruzonahu.bin
    [2011/04/07 02:40:52 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uhepasuyaxukow.dll
    [2011/04/01 09:54:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\opucafoj.dll
    [2011/03/31 21:42:43 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxucipih.dll
    [2011/03/26 04:10:11 | 000,001,274 | ---- | M] () -- I:\WINDOWS\owawiqinoqoyej.dll
    [2011/03/26 02:08:17 | 000,001,274 | ---- | M] () -- I:\WINDOWS\ovapiqow.dll
    [2011/03/25 07:34:05 | 000,001,274 | ---- | M] () -- I:\WINDOWS\aletedapesanuk.dll
    [2011/03/25 07:32:09 | 000,001,274 | ---- | M] () -- I:\WINDOWS\iqepodatod.dll
    [2011/03/21 07:21:40 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ozekifen.dll
    [2011/03/19 13:24:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\uqifexemexizodul.dll
    [2011/03/19 13:22:49 | 000,001,282 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dlld
    [2011/03/19 13:22:49 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ikaqesaci.dll
    [2011/03/19 10:10:54 | 000,001,264 | ---- | M] () -- I:\WINDOWS\icoyifeg.dll
    [2011/03/19 09:17:46 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oyafawina.dll
    [2011/03/18 06:17:38 | 000,001,264 | ---- | M] () -- I:\WINDOWS\awohilofejinur.dll
    [2011/03/18 06:17:02 | 000,001,264 | ---- | M] () -- I:\WINDOWS\akicuzojazi.dll
    [2011/03/16 06:54:08 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ocozofuqoqiwogij.dll
    [2011/04/14 09:49:58 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxejefiqa.dll
    [2011/04/14 09:47:54 | 000,001,306 | ---- | C] () -- I:\WINDOWS\imojagiq.dll
    [2011/04/13 23:42:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ehanuver.dll
    [2011/04/13 10:50:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\izogepuwidogodo.dll
    [2011/04/12 10:49:34 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ipuquxuz.dll
    [2011/04/11 21:57:31 | 000,001,264 | ---- | C] () -- I:\WINDOWS\awaqitihumenesan.dll
    [2011/04/11 21:08:57 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uyicuvuhoxuq.dll
    [2011/04/11 21:01:04 | 000,001,264 | ---- | C] () -- I:\WINDOWS\okuhoxuqux.dll
    [2011/04/11 20:14:16 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwiroquq.dll
    [2011/04/11 20:09:38 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ababevaxitigokid.dll
    [2011/04/11 19:46:22 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avihaxiqex.dll
    [2011/03/11 08:45:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\owuhimuhabuc.dll
    [2011/03/10 16:59:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iyixuqot.dll
    [2011/03/10 08:20:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ibenakoh.dll
    [2011/03/08 09:12:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\irafupeyeguwivi.dll
    [2011/03/07 15:43:32 | 000,001,264 | ---- | C] () -- I:\WINDOWS\uqadajak.dll
    [2011/03/07 15:18:19 | 000,001,264 | ---- | C] () -- I:\WINDOWS\orutigihagon.dll
    [2011/03/07 13:16:20 | 000,001,264 | ---- | C] () -- I:\WINDOWS\usojasuq.dll
    [2011/03/07 11:15:27 | 000,001,264 | ---- | C] () -- I:\WINDOWS\egepaguheyek.dll
    [2011/03/03 17:53:25 | 000,001,264 | ---- | C] () -- I:\WINDOWS\avipuzimocinex.dll
    [2011/03/03 17:51:55 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ohiriyiji.dll
    [2011/02/19 20:32:03 | 000,001,264 | ---- | C] () -- I:\WINDOWS\umuveruq.dll
    [2011/02/19 10:23:08 | 000,001,264 | ---- | C] () -- I:\WINDOWS\iwepukogibux.dll
    [2011/02/19 05:56:51 | 000,001,264 | ---- | C] () -- I:\WINDOWS\odibugojud.dll
    [2011/02/19 03:54:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\utahogeh.dll
    [2011/02/19 01:52:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\elarotan.dll
    [2011/02/18 23:51:14 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ulezaxijo.dll
    [2011/02/09 15:19:28 | 000,001,264 | ---- | C] () -- I:\WINDOWS\asucihic.dll
    [2011/02/08 23:37:54 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukicuzoj.dll
    [2011/02/07 23:31:26 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ojuperamiya.dll
    [2011/02/05 10:27:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\obexuguj.dll
    [2011/02/03 13:49:59 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ebofupey.dll
    [2011/02/03 11:48:18 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ivozidij.dll
    [2011/02/03 11:35:07 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxowayewecigit.dll
    [2011/02/03 11:29:50 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ozexekoc.dll
    [2011/01/31 16:18:49 | 000,001,264 | ---- | C] () -- I:\WINDOWS\ukezejoher.dll
    [2010/03/04 13:39:15 | 000,003,704 | RHS- | C] () -- I:\WINDOWS\FS6519.dll.vbs
    [2009/04/02 10:25:03 | 000,005,180 | ---- | C] () -- I:\WINDOWS\System32\uacinit.dll
    [2009/04/02 10:24:15 | 000,000,127 | ---- | C] () -- I:\WINDOWS\System32\UACpfqqhxid.dat
    [2007/07/27 05:00:00 | 000,229,376 | ---- | C] () -- I:\WINDOWS\ahogiqinicim.dll
    [2010/12/30 22:56:28 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
    [2010/12/30 22:56:28 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\??) -- I:\WINDOWS\System32\嚀œ
    [2010/11/07 17:48:20 | 000,000,036 | ---- | M] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼
    [2010/11/07 17:48:20 | 000,000,036 | ---- | C] ()(I:\WINDOWS\System32\?¼) -- I:\WINDOWS\System32\ᎀ¼
    
    :Files
    I:\Program Files\ConduitEngine
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and the MBAM log in your next post...
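A triage aid for rows in the format of the fix script above, added here as an example; it is not part of the original post and not part of OTL. It parses the O33 MountPoints2 rows and the file-listing rows, then groups files whose parenthesised field is empty by directory and size, which surfaces the run of 1,264-byte .dll files in I:\WINDOWS. The function names and the "company" label for the parenthesised field are assumptions, and the sample is a few rows copied from the script.

```python
import re
from collections import defaultdict

# A few rows copied from the fix script above, used as sample input.
SAMPLE = r'''
O33 - MountPoints2\{c43fc27e-a7bb-11dd-a671-001d7d08ea57}\Shell\AutoRun\command - "" = K:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
O33 - MountPoints2\{fd1e5efa-085f-11e0-acfa-001d7d08ea57}\Shell\open\command - "" = K:\DCT\J\Mip.exe
[2011/04/14 09:49:58 | 000,001,264 | ---- | M] () -- I:\WINDOWS\oxejefiqa.dll
[2011/04/13 23:42:07 | 000,001,264 | ---- | M] () -- I:\WINDOWS\ehanuver.dll
[2011/04/11 20:09:33 | 000,001,267 | ---- | M] () -- I:\WINDOWS\Uyuzitivumeja.dat
[2011/04/11 16:26:05 | 000,344,064 | -HS- | M] () -- I:\Documents and Settings\john lane\Local Settings\Application Data\rov.exe
[2011/04/14 09:49:58 | 000,001,264 | ---- | C] () -- I:\WINDOWS\oxejefiqa.dll
'''

O33 = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command - "" = (.+)$')
FILE = re.compile(r'^\[(\S+ \S+) \| ([\d,]+) \| (.{4}) \| ([MC])\] \((.*?)\) -- (.+)$')

def parse(text):
    """Return (autoruns, files) parsed from OTL-style rows; unknown rows are skipped."""
    autoruns, files = [], {}
    for line in map(str.strip, text.splitlines()):
        if m := O33.match(line):
            autoruns.append({"volume": m[1], "verb": m[2], "command": m[3]})
        elif m := FILE.match(line):
            # M (modified) and C (created) rows repeat the same file: key by path.
            files[m[6].lower()] = {"path": m[6], "size": int(m[2].replace(",", "")),
                                   "attrs": m[3], "company": m[5]}
    return autoruns, list(files.values())

def size_clusters(files, min_count=2):
    """Group files with an empty company field by (directory, size)."""
    groups = defaultdict(list)
    for f in files:
        if not f["company"]:
            directory, _, name = f["path"].rpartition("\\")
            groups[(directory.lower(), f["size"])].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}

if __name__ == "__main__":
    autoruns, files = parse(SAMPLE)
    for a in autoruns:
        print(f'{a["volume"]} {a["verb"]:8} -> {a["command"]}')
    for (directory, size), names in size_clusters(files).items():
        print(f"{len(names)} files of {size} bytes in {directory}: {names}")
```
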

#9
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.