Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

GetDriveLayOut pop-up box error - can't get rid of it

Post by txacoli » July 28th, 2010, 1:51 pm

Hi. I hope someone can help me? Just recently, I started getting an annoying pop up box when I log on and it won't go away. It says "GetDriveLayOut: Cannot find file specified"

I can't get rid of this box and it appears on top of everything, so when I open the internet, it's there. Same with WORD documents etc - it's incredibly annoying. I've done a HJT log and posted it below and would be incredibly grateful for any help you could give me with this. I've scanned and Spybotted and done all sorts to my computer, but they show nothing.

Thanks in advance

Matt


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:17, on 28/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518175959.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4880108343
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9719585015
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe

--
End of file - 13022 bytes
txacoli
Active Member
 
Posts: 11
Joined: July 28th, 2010, 1:29 pm

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by MWR 3 day Mod » August 1st, 2010, 3:11 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by deltalima » August 1st, 2010, 1:06 pm

Hi txacoli,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by txacoli » August 1st, 2010, 1:55 pm

Hi Deltalima - Thanks for offering to help. This is the uninstall log from Hijack This, although I'm unsure as to why so many of the programs are listed twice!

32 Bit HP CIO Components Installer
7-Zip 4.57
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe AIR
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Reader 9.3.3
Adobe Stock Photos 1.0
Advanced SystemCare 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
authorSTREAM Desktop
Automatic Registering Tool
BBC iPlayer Desktop
BBC iPlayer Desktop
Belarc Advisor 8.1
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CCleaner
CleanMyPC - Registry Cleaner
CompuApps SwissKnife V3
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
Creative WebCam Vista User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
CyberScrub Professional 3.0
Driver Detective
DriverMax 4
DriverMax 5
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDPe 2.3
Dynamic Learning - ¡Ponte al día! Segunda edición (Student)
Dynamic Learning (Student Version)
eBook Library by Sony
EVEREST Home Edition v2.20
ewido anti-malware
Free Tetrix
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hot CPU Tester Pro 3.4.2 (Lite Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 14.0
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
Intel(R) 536EP Modem
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 12
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
LaCie Backup Software v1.5.2378
Macromedia Shockwave Player
Magic DVD Ripper V5.5.0
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! for Windows XP
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.6.7)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neroxml
Network Recording Player
Newnovelist 1.1
NTREGOPT 1.1j
OCR Software by I.R.I.S. 14.0
PDF Master
PowerDVD
PQ DVD to iPod Video Suite (remove only)
PRS-500 USB driver
PRS-505 User's Guide
QuickTime
RealPlayer
Realtek AC'97 Audio
RegScrubXP 3.25
RollerCoaster Tycoon 3
RollerCoaster Tycoon® 3
S3 S3Display
S3 S3Gamma2
Safe Creative Automatic Registering Tool
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SDL MultiTerm 2007 Desktop
SDL Passolo 2007 Essential SP5
SDL Trados 2007 Freelance
SDL Trados Synergy 2007
SDLX
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Skype™ 4.2
Spybot - Search & Destroy
SpywareBlaster 4.0
System Requirements Lab
Trust R-Series Mouse
Trust R-series Mouse And Keyboard
UniChrome Pro IGP Display Driver and Utilities
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine Family Fast Ethernet Adapter CE6 Driver
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
VIA/S3G Display Driver 6.14.10.0378
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Backup Utility
Windows Defender Signatures
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
txacoli
Active Member
 
Posts: 11
Joined: July 28th, 2010, 1:29 pm

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by deltalima » August 1st, 2010, 2:21 pm

Hi txacoli,

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by txacoli » August 1st, 2010, 3:30 pm

MGADiag results
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-3KTJ3-TWXKP-39C38
Windows Product Key Hash: 9YK4FVA8rZjw73NE5dTHL7SikFg=
Windows Product ID: 76477-OEM-2159567-40067
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {D6B5775D-E027-4322-BDA0-3FDB71849AE1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D6B5775D-E027-4322-BDA0-3FDB71849AE1}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-39C38</PKey><PID>76477-OEM-2159567-40067</PID><PIDType>3</PIDType><SID>S-1-5-21-1275210071-1035525444-839522115</SID><SYSTEM><Manufacturer>VIAK8M</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="3"/><Date>20041125000000.000000+000</Date></BIOS><HWID>B6A73CEF0184226D</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>836C94DC48E1ED0</Val><Hash>xhFUT3XVjvwVkktu1polJz+m5ME=</Hash><Pid>81599-872-4437271-65045</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A




CKFiles
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\cosmi\pdf master\crypt.dll
scanner sequence 3.NA.11
----- EOF -----

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by deltalima » August 1st, 2010, 3:59 pm

Hi txacoli,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by txacoli » August 1st, 2010, 6:19 pm

OK, the scans took a while, but here are the results. I've had to spread them over 2 entries as they use up too many characters!

OTL.txt
OTL logfile created on: 01/08/2010 21:21:53 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 28.48 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-6C083D1ABB
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ewido security suite guard) -- C:\Program Files\ewido anti-malware\ewidoguard.exe (ewido networks)
SRV - (ewido security suite control) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe (ewido networks)
SRV - (WPEServ) -- C:\Program Files\Common Files\WPE\wpeserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (windrvNT) -- C:\WINDOWS\System32\windrvNT.sys File not found
DRV - (WDC_SAM) -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ubumapi) -- C:\WINDOWS\system32\drivers\UBUMAPI.sys (Unibrain S.A.)
DRV - (ubohci) -- C:\WINDOWS\system32\drivers\ubohci.sys (Unibrain S.A.)
DRV - (ubsbm) -- C:\WINDOWS\system32\drivers\UBSBM.sys (Unibrain S.A.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (PGR1394b) -- C:\WINDOWS\system32\drivers\HS3dSensor1394.sys (Point Grey Research)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (VNICPKT5) -- C:\WINDOWS\system32\VNICPKT5.sys (VIA Technologies, Inc.)
DRV - (V0330VID) -- C:\WINDOWS\system32\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV - (ewido security suite driver) -- C:\Program Files\ewido anti-malware\guard.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (k600mdm) -- C:\WINDOWS\system32\drivers\k600mdm.sys (MCCI)
DRV - (k600mdfl) -- C:\WINDOWS\system32\drivers\k600mdfl.sys (MCCI)
DRV - (Intels51) Intel(R) -- C:\WINDOWS\system32\drivers\IntelS51.sys (Intel Corporation)
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (Alcatel Bell)
DRV - (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (Alcatel Bell)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 12:08:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/12 23:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 18:24:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 23:29:35 | 000,000,000 | ---D | M]

[2010/03/08 23:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/29 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8ovocot.default\extensions
[2010/04/28 10:23:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s8ovocot.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/08 23:24:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/12 00:41:38 | 000,404,615 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13991 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518175959.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v ... 4880108343 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9719585015 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx (CamImage Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/share ... cgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/l ... oader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido anti-malware\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/27 13:06:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b59d44ea-4bd8-11df-912c-0069001c1190}\Shell - "" = AutoRun
O33 - MountPoints2\{b59d44ea-4bd8-11df-912c-0069001c1190}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b59d44ea-4bd8-11df-912c-0069001c1190}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 21:20:22 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/01 21:20:21 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/08/01 20:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malware
[2010/07/28 18:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/07/28 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/07/28 18:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/22 07:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/07/22 07:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/21 23:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/07/21 23:29:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/21 21:15:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/21 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/21 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/21 20:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A775A302-84C8-41AE-A759-DDF559E2E330}
[2010/07/20 14:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BUBOK PUBLICAR
[2010/07/18 19:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FILMS
[2010/07/18 19:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MagicSoftware
[2010/07/18 19:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2010/07/18 19:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2010/07/14 21:13:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2007/11/01 09:52:59 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/01 21:18:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\x61990le.exe
[2010/08/01 21:16:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
[2010/08/01 21:15:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/01 20:47:36 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/08/01 20:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/01 20:19:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 18:44:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/08/01 18:43:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 18:43:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 18:42:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 18:13:40 | 018,612,224 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/31 18:13:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/29 23:41:14 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/28 18:26:35 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/07/28 18:26:35 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/22 07:31:31 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 07:31:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/22 07:31:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/22 07:13:56 | 022,091,228 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/22 05:00:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2010/07/21 23:52:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/21 23:29:39 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 20:52:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Edoculazexizu.dat
[2010/07/21 20:52:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ymunoce.bin
[2010/07/19 21:43:47 | 000,004,082 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IKEA PARTICIPACION.pdf
[2010/07/18 19:52:56 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Magic DVD Ripper.lnk
[2010/07/18 09:12:51 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/18 09:12:51 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/18 02:26:05 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/07/14 21:26:01 | 000,024,670 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Plato rectangular2 (2).JPG
[2010/07/14 19:06:25 | 000,014,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pamoja IB online.docx
[2010/07/14 18:53:39 | 002,300,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Amo_Buenos_Aires_1.ppt
[2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 09:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/11 15:02:00 | 000,276,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Training Requested for July 2010 Training Week08.07.10.xls
[2010/07/09 22:28:14 | 000,274,451 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pedido_N__48.pdf
[2010/07/07 08:22:12 | 000,001,187 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/05 22:23:55 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Matrimonios homosexuales en el mundo.doc
[2010/07/03 01:05:12 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAGINA 12 COPIAS REVISTA PERONISMO.doc
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/01 21:20:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\x61990le.exe
[2010/07/28 18:26:35 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/07/28 18:26:35 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/07/22 03:07:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/21 23:29:39 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 20:52:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Edoculazexizu.dat
[2010/07/21 20:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ymunoce.bin
[2010/07/20 17:01:36 | 018,612,224 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/19 21:43:47 | 000,004,082 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IKEA PARTICIPACION.pdf
[2010/07/18 19:52:56 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Magic DVD Ripper.lnk
[2010/07/14 21:26:01 | 000,024,670 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Plato rectangular2 (2).JPG
[2010/07/14 19:06:25 | 000,014,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pamoja IB online.docx
[2010/07/14 18:53:36 | 002,300,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Amo_Buenos_Aires_1.ppt
[2010/07/11 14:59:13 | 000,276,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Training Requested for July 2010 Training Week08.07.10.xls
[2010/07/09 22:28:14 | 000,274,451 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pedido_N__48.pdf
[2010/07/05 22:23:55 | 000,115,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Matrimonios homosexuales en el mundo.doc
[2010/07/03 01:05:11 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PAGINA 12 COPIAS REVISTA PERONISMO.doc
[2010/04/21 22:07:46 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2010/04/21 22:07:45 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2010/04/21 22:07:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2010/04/21 22:05:10 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/11/03 20:21:50 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/21 14:56:39 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/03/08 18:17:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/14 12:16:33 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2008/11/09 18:26:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2008/11/09 16:17:14 | 000,000,193 | ---- | C] () -- C:\WINDOWS\Vstudio.INI
[2008/11/09 15:55:31 | 000,001,173 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008/11/09 15:55:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2008/09/07 00:08:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/01 10:01:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007/11/01 09:57:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/30 22:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/12/10 16:03:40 | 000,000,048 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2006/12/10 16:02:23 | 000,000,198 | ---- | C] () -- C:\WINDOWS\gsp_gcse.ini
[2006/12/10 16:02:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2006/11/27 18:57:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/09/10 17:50:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\IPSCFG.INI
[2006/04/16 23:57:58 | 000,001,187 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/13 19:58:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2005/10/19 09:48:31 | 000,005,600 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/05/05 17:26:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/03 16:02:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/04/30 21:36:38 | 000,001,300 | ---- | C] () -- C:\WINDOWS\System32\cool.dll
[2005/04/30 18:39:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/27 15:17:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005/04/27 13:11:32 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[1995/10/21 11:37:52 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL Extras.txt
OTL Extras logfile created on: 01/08/2010 21:21:53 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 28.48 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-6C083D1ABB
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2571E801-EF6F-41C9-9590-1576565EF74F}" = PRS-505 User's Guide
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{27113CA3-36B8-48AB-A419-79CF1FC0ECED}" = Ulead VideoStudio 5.0 DV
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B2F9A84-7E8C-4BD6-991C-CD41DBA4289C}" = PDF Master
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43BD0C58-6E6E-4500-AFB0-263423319604}" = SDL Trados 2007 Freelance
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4BDD723C-A883-445A-A997-592406B1C1F6}" = authorSTREAM Desktop
"{54536E4D-9729-4ABC-8A55-D9479C73D2C0}" = Automatic Registering Tool
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.5.2378
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6363088C-AB2B-436A-B2E6-A19051E90DFE}" = Dynamic Learning - ¡Ponte al día! Segunda edición (Student)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C7E3C62-89D1-4422-93EC-AB20572F8EF6}" = VIA Rhine Family Fast Ethernet Adapter CE6 Driver
"{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}" = SDL Trados Synergy 2007
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8302F817-9F82-40F2-8149-8BB50B0250F7}" = SDL MultiTerm 2007 Desktop
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BA5E9-0447-43A2-B2A6-2D5DFF3DD5DC}" = Network Recording Player
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Trust R-series Mouse And Keyboard
"{B92FE44E-B1FA-4151-80F8-0CC942E60773}" = Dynamic Learning (Student Version)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F148DEF8-8CCB-4157-A48B-DDBB957AF9F8}" = SDLX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCAA5D7F-86B5-469A-BA6F-0E722B8F0094}" = eBook Library by Sony
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Automatic Registering Tool" = Safe Creative Automatic Registering Tool
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor" = Belarc Advisor 8.1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0330" = Creative WebCam Vista Driver (1.00.03.00)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Vista User's Guide English" = Creative WebCam Vista User's Guide (English)
"CSCLIB" = Canon Camera Support Core Library
"CyberScrub Professional 3.0" = CyberScrub Professional 3.0
"Digital Editions" = Adobe Digital Editions
"DMX4_is1" = DriverMax 4
"DMX5_is1" = DriverMax 5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDPe 2.3_is1" = DVDPe 2.3
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ewidoantimalware" = ewido anti-malware
"Free Tetrix" = Free Tetrix
"Google Chrome" = Google Chrome
"Hot CPU Tester Pro 3.4.2 LE_is1" = Hot CPU Tester Pro 3.4.2 (Lite Edition)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Trust R-series Mouse And Keyboard
"Intel(R) 536EP Modem" = Intel(R) 536EP Modem
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Newnovelist" = Newnovelist 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTREGOPT_is1" = NTREGOPT 1.1j
"PQ_DVD_to_iPod_Video_Suite" = PQ DVD to iPod Video Suite (remove only)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RegScrubXP_is1" = RegScrubXP 3.25
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"S3" = UniChrome Pro IGP Display Driver and Utilities
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SDL Passolo 2007 Essential SP5" = SDL Passolo 2007 Essential SP5
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VIA/S3G Display Driver" = VIA/S3G Display Driver
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0378
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1035525444-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2010 13:00:57 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:00:57 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:00:58 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:00:59 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:00 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:01 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:02 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:02 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:02 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 28/07/2010 13:01:02 | Computer Name = USER-6C083D1ABB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ OSession Events ]
Error - 27/02/2010 10:53:00 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/02/2010 12:48:24 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 187
seconds with 60 seconds of active time. This session ended with a crash.

Error - 27/02/2010 14:08:08 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 108
seconds with 60 seconds of active time. This session ended with a crash.

Error - 27/02/2010 16:30:57 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 131
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01/03/2010 14:59:30 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/03/2010 15:00:05 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/03/2010 17:22:23 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09/03/2010 17:23:18 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 306
seconds with 300 seconds of active time. This session ended with a crash.

Error - 10/03/2010 19:29:10 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 349
seconds with 300 seconds of active time. This session ended with a crash.

Error - 10/03/2010 19:30:10 | Computer Name = USER-6C083D1ABB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 54
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/07/2010 18:31:37 | Computer Name = USER-6C083D1ABB | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 29/07/2010 18:48:53 | Computer Name = USER-6C083D1ABB | Source = Service Control Manager | ID = 7034
Description = The VRAID Log Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 31/07/2010 11:52:21 | Computer Name = USER-6C083D1ABB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 0069001C1190 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/07/2010 11:52:36 | Computer Name = USER-6C083D1ABB | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 31/07/2010 11:55:14 | Computer Name = USER-6C083D1ABB | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 31/07/2010 11:55:22 | Computer Name = USER-6C083D1ABB | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 31/07/2010 11:55:48 | Computer Name = USER-6C083D1ABB | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 01/08/2010 13:43:02 | Computer Name = USER-6C083D1ABB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 0069001C1190 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 01/08/2010 13:43:18 | Computer Name = USER-6C083D1ABB | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 01/08/2010 13:44:53 | Computer Name = USER-6C083D1ABB | Source = Service Control Manager | ID = 7034
Description = The VRAID Log Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
txacoli

Re: GetDriveLayOut pop-up box error - can't get rid of it

by txacoli » August 1st, 2010, 6:26 pm

Here are the results of the scans... Part 2! In fact, they've had to be spread over 3 scans, so the GMER one has had to be split, as it's too big on its own to fit in one scan.

GMER.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 22:42:15
Windows 5.1.2600 Service Pack 3
Running: x61990le.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwqiqkoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwOpenProcess [0xB3EDB68C]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwTerminateProcess [0xB3EDB604]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E8CDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E8CDF2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E8CE48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E8CD9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E8CD74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E8CD88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E8CDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E8CE1E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E8CE5E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E8CE32]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP B9E8CE36 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP B9E8CE4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP B9E8CE62 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6040 5 Bytes JMP B9E8CE22 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9E8CD78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP B9E8CD8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D66 7 Bytes JMP B9E8CDE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7E0 7 Bytes JMP B9E8CDCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A9B0 7 Bytes JMP B9E8CDF6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B722 5 Bytes JMP B9E8CDA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\drivers\viaide.sys entry point in ".rsrc" section [0xBA5AD014]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FEF
.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910025
.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[252] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00960FE5
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00960F68
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0096005D
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00960036
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00960F79
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0096000A
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00960F30
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00960F57
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00960EDF
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00960EFA
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00960ECE
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0096001B
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00960FCA
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00960078
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00960F9E
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00960FB9
.text C:\WINDOWS\System32\svchost.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00960F15
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950047
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0095008B
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0095002C
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0095001B
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0095007A
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950000
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00950069
.text C:\WINDOWS\System32\svchost.exe[252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00950058
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940036
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940025
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940FB5
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FC6
.text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0092001B
.text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920FE5
.text C:\WINDOWS\System32\svchost.exe[252] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00920FCA
.text C:\WINDOWS\System32\svchost.exe[252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\WINDOWS\Explorer.EXE[372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00F81
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E0006C
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E0005B
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E0004A
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00025
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E000B8
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00F70
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E000F5
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E000DA
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E00F37
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E00F9E
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E00FE5
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E00091
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E00FB9
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E000C9
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DF0FB9
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DF0F83
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DF0FCA
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DF0FE5
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DF0F9E
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DF0040
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DF0025
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0047
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE002C
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE001B
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0FD2
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DD0014
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\svchost.exe[568] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01420FE5
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01420014
.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01420FD4
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0194000A
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01940054
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01940F69
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01940F86
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01940043
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01940FB2
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0194009B
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01940080
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01940F2E
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019400C7
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01940F1D
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01940FA1
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01940FEF
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01940065
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01940FCD
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01940FDE
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019400AC
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01930036
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01930087
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01930025
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0193000A
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0193006C
txacoli
Active Member
 
Posts: 11
Joined: July 28th, 2010, 1:29 pm

Re: GetDriveLayOut pop-up box error - can't get rid of it

by txacoli » August 1st, 2010, 6:28 pm

.............and the last one of the three.

.text C:\WINDOWS\System32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00960F9E
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0095002C
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950084
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0095001B
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00950000
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00950073
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00950FE5
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0095004E
.text C:\WINDOWS\System32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0095003D
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940058
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940047
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00940FDE
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940000
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940FCD
.text C:\WINDOWS\System32\svchost.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FEF
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0092001B
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0092002C
.text C:\WINDOWS\System32\svchost.exe[1856] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0092003D
.text C:\WINDOWS\System32\svchost.exe[1856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[3824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[3824] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[3824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D20014
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60F6A
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D6005F
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60F85
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D6004E
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60FB6
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D60097
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60070
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D60F08
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F19
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D600BC
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D60033
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D60011
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D60F4F
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D60FD1
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D60022
.text C:\WINDOWS\system32\svchost.exe[3824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D60F34
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D50025
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D5006F
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D50FA8
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D50040
.text C:\WINDOWS\system32\svchost.exe[3824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FB9
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D4003B
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FA6
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40FC1
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40016
.text C:\WINDOWS\system32\svchost.exe[3824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\svchost.exe[3824] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[3824] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[3824] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\svchost.exe[3824] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D30FC3

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1616] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1616] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ubohci \Device\C1394 UB1394.SYS (ubCore® 1394 Class Driver (x86 XP/2003/Vista Rel)/Unibrain S.A.)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A5CEEC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\viaide.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

Database version: 4378

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/08/2010 23:11:24
mbam-log-2010-08-01 (23-11-24).txt

Scan type: Quick scan
Objects scanned: 148473
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\0.8387602656083486.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2FA.tmp (Rootkit.TDSS) -> Quarantined and

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by deltalima » August 1st, 2010, 6:33 pm

Hi txacoli,

TFC

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

TDSSKiller

  • Please download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy, then Paste it directly onto your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop, then click Start scan.
  • A box will appear saying System scan completed.
  • If any malicious objects are found, click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Please let me know how the computer is running now.

Re: GetDriveLayOut pop-up box error - can't get rid of it

Post by txacoli » August 1st, 2010, 7:23 pm

Below is the TDSSKiller log.
I'm thrilled to say that the computer no longer boots up with that message any more and I'm thrilled to see that (or thrilled to not see it in fact?!) Everything I'd read pointed to it being to do with VIA, but nothing I did got rid of it. This last thing seems to have obliterated it completely.
I need to sleep now as it's 20 past midnight here and I'm working tomorrow, but thank you so much for your help with this. It's been invaluable.

Matt


2010/08/01 23:56:11.0640 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/01 23:56:11.0640 ================================================================================
2010/08/01 23:56:11.0640 SystemInfo:
2010/08/01 23:56:11.0640
2010/08/01 23:56:11.0640 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/01 23:56:11.0640 Product type: Workstation
2010/08/01 23:56:11.0640 ComputerName: USER-6C083D1ABB
2010/08/01 23:56:11.0640 UserName: Owner
2010/08/01 23:56:11.0640 Windows directory: C:\WINDOWS
2010/08/01 23:56:11.0640 System windows directory: C:\WINDOWS
2010/08/01 23:56:11.0640 Processor architecture: Intel x86
2010/08/01 23:56:11.0640 Number of processors: 1
2010/08/01 23:56:11.0640 Page size: 0x1000
2010/08/01 23:56:11.0640 Boot type: Normal boot
2010/08/01 23:56:11.0640 ================================================================================
2010/08/01 23:56:12.0312 Initialize success
2010/08/01 23:56:17.0187 ================================================================================
2010/08/01 23:56:17.0187 Scan started
2010/08/01 23:56:17.0187 Mode: Manual;
2010/08/01 23:56:17.0187 ================================================================================
2010/08/01 23:57:05.0984 ViaIde (17598d1b89d5a57b999e4eb820911933) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/01 23:57:05.0984 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaide.sys. Real md5: 17598d1b89d5a57b999e4eb820911933, Fake md5: 3b3efcda263b8ac14fdf9cbdd0791b2e
2010/08/01 23:57:05.0984 ViaIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/01 23:57:07.0578 ================================================================================
2010/08/01 23:57:07.0578 Scan finished
2010/08/01 23:57:07.0578 ================================================================================
2010/08/01 23:57:07.0593 Detected object count: 1
2010/08/02 00:04:00.0921 ViaIde (17598d1b89d5a57b999e4eb820911933) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/02 00:04:00.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaide.sys. Real md5: 17598d1b89d5a57b999e4eb820911933, Fake md5: 3b3efcda263b8ac14fdf9cbdd0791b2e
2010/08/02 00:04:04.0390 Backup copy not found, trying to cure infected file..
2010/08/02 00:04:04.0390 Cure success, using it..
2010/08/02 00:04:04.0406 C:\WINDOWS\system32\DRIVERS\viaide.sys - will be cured after reboot
2010/08/02 00:04:04.0406 Rootkit.Win32.TDSS.tdl3(ViaIde) - User select action: Cure
2010/08/02 00:04:13.0390 Deinitialize success
txacoli
Active Member
 
Posts: 11
Joined: July 28th, 2010, 1:29 pm

Re: GetDriveLayOut pop-up box error - can't get rid of it

Unread postby deltalima » August 2nd, 2010, 4:26 am

Hi txacoli,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    Code:
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    :commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a new HijackThis log and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: GetDriveLayOut pop-up box error - can't get rid of it

Unread postby txacoli » August 2nd, 2010, 1:13 pm

As some of these logs are so long, I'm replying to your last email in stages. Here is the log following the OTL fix. I'll post the others as I do them.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 29489 bytes
->Temporary Internet Files folder emptied: 157905 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14047080 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2342770 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08022010_180725

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: GetDriveLayOut pop-up box error - can't get rid of it

Unread postby deltalima » August 2nd, 2010, 2:23 pm

OK thanks, the Kaspersky scan may take a long time.