Hi JMW3
Thank you for helping me. I have pasted the logs you requested below.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Billy Corcoran at 10:44:49.96 on 03/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.2047.1376 [GMT 1:00]
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Roland\VSC32\vsc32cnf.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Billy Corcoran\Desktop\CleanUp\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page =
www.google.ie/BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program
files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft
shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vsc32cnf.exe] c:\program files\roland\vsc32\vsc32cnf.exe
mRun: [vscvol.exe] c:\program files\roland\vsc32\vscvol.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\billyc~1\startm~1\programs\startup\spywareguard.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless
utility\Belkinwcui.exe
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft
office\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
hxxp://housecall65.trendmicro.com/house ... hcImpl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} -
hxxp://download.macromedia.com/pub/shoc ... tor/sw.cabDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} -
hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/fl ... rashim.cabDPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\billyc~1\applic~1\mozilla\firefox\profiles\e22nb6s4.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\billy corcoran\local settings\application
data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: f:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: f:\divx\divx web player\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-6-25 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-15 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-25 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-6-22 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-6-22 46864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-20 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-20 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-25 353672]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
R2 ComodoBackupService;ComodoBackupService;c:\program files\comodo\backup\CmdBkSvc.exe [2008-11-27 1023488]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-10 47640]
R2 RVIEGVST;VSC VST Engine;c:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2008-8-13 188276]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe
service [?]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service -->
c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-6-22 33552]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [2008-8-13 951284]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\77.tmp [2009-6-25 5760]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-25 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-25 1095560]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-07-03 10:42 <DIR> --d-h--- c:\windows\PIF
2009-06-30 13:40 <DIR> --d----- c:\documents and settings\billy corcoran\Tracing
2009-06-30 13:34 <DIR> --d----- c:\program files\Microsoft
2009-06-30 13:33 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-30 13:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-30 13:01 <DIR> --d----- c:\program files\filehippo.com
2009-06-28 22:16 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 23:27 18,942 a------- c:\windows\system32\AAWService_2009_06_27_23_27_17.dmp
2009-06-25 17:10 40,464 a------- c:\windows\system32\drivers\hotcore3.sys
2009-06-25 17:09 <DIR> --d----- c:\program files\Paragon Software
2009-06-25 16:20 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-06-25 16:20 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-25 16:19 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-06-25 16:19 <DIR> --d----- c:\program files\Zone Labs
2009-06-25 16:19 350,192 a------- c:\windows\system32\vsconfig.xml
2009-06-25 16:17 <DIR> --d----- c:\windows\Internet Logs
2009-06-25 15:47 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-25 15:47 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-25 15:47 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-25 15:47 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-25 15:47 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-25 15:47 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-25 15:47 <DIR> --d----- c:\docume~1\billyc~1\applic~1\PC Tools
2009-06-25 14:15 5,760 -------- c:\windows\system32\77.tmp
2009-06-25 13:48 <DIR> --d-----
c:\docume~1\billyc~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-25 10:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-24 22:07 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-06-24 20:43 <DIR> --d----- c:\program files\SpywareGuard
2009-06-24 20:24 <DIR> --d----- C:\MBtools.exe
2009-06-22 07:16 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-22 07:16 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-22 07:16 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-22 07:16 <DIR> --d----- c:\program files\ThreatFire
2009-06-22 07:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-21 10:49 5,760 -------- c:\windows\system32\8F.tmp
2009-06-20 19:49 2,862 a------- c:\windows\system32\tmp.reg
2009-06-20 18:22 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-20 14:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-20 14:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 14:30 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 14:30 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-19 21:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-06-19 13:42 <DIR> --d----- c:\program files\Enigma Software Group
2009-06-14 09:44 <DIR> --d----- c:\docume~1\billyc~1\applic~1\TrueCrypt
2009-06-14 09:42 217,664 a------- c:\windows\system32\drivers\truecrypt.sys
2009-06-14 09:42 <DIR> --d----- c:\program files\TrueCrypt
2009-06-10 13:25 <DIR> --d----- c:\program files\EZBackitup
==================== Find3M ====================
2009-06-24 23:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-27 00:33 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-05-13 16:12 286,720 a------- c:\windows\iun506.exe
2009-05-13 01:36 21,504 a------- c:\windows\jestertb.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 ac------ c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
============= FINISH: 10:46:12.78 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/07/2008 19:36:59
System Uptime: 07/03/2009 10:22:01 (2832 hours ago)
Motherboard: First International Computer, Inc. | | AM39L
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1998/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 23.793 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 234 GiB total, 168.621 GiB free.
G: is Removable
H: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: MSP3880-W 56K PCI Modem
Device ID: PCI\VEN_127A&DEV_2014&SUBSYS_4055122D&REV_01\3&61AAA01&0&48
Manufacturer: Conexant
Name: MSP3880-W 56K PCI Modem
PNP Device ID: PCI\VEN_127A&DEV_2014&SUBSYS_4055122D&REV_01\3&61AAA01&0&48
Service: Modem
==== System Restore Points ===================
RP558: 20/06/2009 11:35:40 - Revo Uninstaller's restore point - Spyware Doctor 6.0
RP559: 20/06/2009 13:57:59 - Revo Uninstaller's restore point - AVG 8.5
RP560: 20/06/2009 13:59:10 - Removed AVG 8.5
RP561: 20/06/2009 14:01:23 - Installed AVG 8.5
RP562: 20/06/2009 14:29:49 - Installed AVG Free 8.5
RP563: 21/06/2009 16:51:27 - System Checkpoint
RP564: 21/06/2009 17:14:08 - Advanced SystemCare RestorePoint
RP565: 24/06/2009 16:32:23 - System Checkpoint
RP566: 24/06/2009 18:07:05 - Revo Uninstaller's restore point - Skype™ Beta 4.1
RP567: 24/06/2009 18:07:40 - Removed Skype™ Beta 4.1
RP568: 24/06/2009 18:12:40 - Revo Uninstaller's restore point - Skype web features
RP569: 24/06/2009 18:13:04 - Removed Skype web features
RP570: 24/06/2009 19:27:46 - Revo Uninstaller's restore point - IObit Security 360 Beta 1.1
RP571: 24/06/2009 20:12:05 - Revo Uninstaller's restore point - Java(TM) 6 Update 6
RP572: 24/06/2009 20:14:45 - Revo Uninstaller's restore point - Java(TM) 6 Update 14
RP573: 24/06/2009 22:06:36 - Removed Windows Installer Clean Up
RP574: 24/06/2009 22:07:48 - Installed Windows Installer Clean Up
RP575: 24/06/2009 23:04:45 - Installed Java(TM) 6 Update 14
RP576: 25/06/2009 16:39:53 - Revo Uninstaller's restore point - Bonjour
RP577: 25/06/2009 16:40:58 - Removed Bonjour
RP578: 25/06/2009 16:42:37 - Revo Uninstaller's restore point - Apple Mobile Device Support
RP579: 25/06/2009 16:43:46 - Removed Apple Mobile Device Support
RP580: 25/06/2009 16:46:37 - Revo Uninstaller's restore point - Apple Software Update
RP581: 25/06/2009 16:46:59 - Removed Apple Software Update
RP582: 25/06/2009 17:09:30 - Installed Paragon Drive Backup™ 9 Personal Special Edition.
RP583: 26/06/2009 14:42:49 - Software Distribution Service 3.0
RP584: 27/06/2009 16:11:37 - System Checkpoint
RP585: 28/06/2009 16:59:26 - System Checkpoint
RP586: 29/06/2009 16:19:40 - Revo Uninstaller's restore point - SnagIt 8
RP587: 29/06/2009 16:22:19 - Revo Uninstaller's restore point - SnagIt 8
RP588: 29/06/2009 16:25:49 - SnagIt
RP589: 29/06/2009 16:28:56 - Revo Uninstaller's restore point - SnagIt 8
RP590: 29/06/2009 16:33:50 - Revo Uninstaller's restore point - ZoneAlarm Spy Blocker Toolbar
RP591: 30/06/2009 13:19:59 - TrueCrypt installation
RP592: 01/07/2009 07:05:43 - Configured AVG 8.5
RP593: 01/07/2009 07:22:29 - Avg8 Update
RP594: 01/07/2009 07:24:34 - Avg8 Update
RP595: 01/07/2009 07:25:53 - Avg8 Update
RP596: 01/07/2009 07:28:20 - Software Distribution Service 3.0
RP597: 02/07/2009 11:28:49 - System Checkpoint
RP598: 02/07/2009 20:27:07 - Revo Uninstaller's restore point - True Sword 5
RP599: 02/07/2009 20:29:19 - Revo Uninstaller's restore point - SpyHunter
RP600: 02/07/2009 20:30:58 - Revo Uninstaller's restore point - Yuuguu
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Advanced SystemCare 3
ArcSoft PhotoStudio 5.5
AutoUpdate
AVG 8.5
Belkin Wireless USB Utility
CamStudio
CamStudio Lossless Codec v1.4
Canon MP Navigator 2.0
Canon MP170
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
Choice Guard
Comodo BackUp
Critical Update for Windows Media Player 11 (KB959772)
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DriveImage XML (Private Edition)
EZBack-it-up 2.0.1
filehippo.com Update Checker
FixedLength
FlexiMusic Kids Composer
FlexiMusic Wave Editor
Free Mp3 Wma Converter V 1.81
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HyperCam 2
IsoBuster 2.5
Java(TM) 6 Update 14
LogMeIn
Looper
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Embedding Fonts Tool (III)
Microsoft Windows XP Video Decoder Checkup Utility
MKV Splitter
Mozilla Firefox (3.5)
mp3-2-wav converter 1.14
MSP3880-W 56K PCI Modem
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
OE-Mail Recovery 1.7
OmniPage SE
Packet Tracer 5.1
Paragon Drive Backup™ 9 Personal Special Edition
PIXresizer 1.0.8
Prism Video Converter
QuickTime
RealPlayer
Realtek AC'97 Audio
Revo Uninstaller 1.83
Rhythm'n'Chords 2 Lite CW
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Search Settings 1.2.1
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SlicyDrummer Lite
SONAR 2
SONAR 2.2
Sonic Activation Module
Sonic Timeworks Sonar 2 Plug-ins
Sophos Anti-Rootkit 1.3.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.2
SpywareGuard v2.2
Style Enhancer Micro 2.0
SUPERAntiSpyware Free Edition
Switch Sound File Converter
ThreatFire
TrueCrypt
TweakNow RegCleaner
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VeloMaster Lite CW
VIA Rhine-Family Fast-Ethernet Adapter
Virtual Sound Canvas 3.2
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VMware Player
WAV to MP3 Encoder
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.1
XP Codec Pack
ZoneAlarm
==== Event Viewer Messages From Past Week ========
29/06/2009 11:10:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
29/06/2009 11:09:04, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
29/06/2009 11:07:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip truecrypt UimBus Uim_IM vsdatant WS2IFSL
29/06/2009 11:07:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/06/2009 11:07:29, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
29/06/2009 11:07:29, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
29/06/2009 11:07:29, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/06/2009 11:07:29, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/06/2009 11:07:29, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
29/06/2009 10:12:52, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/06/2009 10:12:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
29/06/2009 10:11:50, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
29/06/2009 10:11:50, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
29/06/2009 10:11:50, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/06/2009 23:04:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Authorization Service service to connect.
27/06/2009 23:04:10, error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/06/2009 14:43:30, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
01/07/2009 22:46:08, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM AvgLdx86 AvgMfx86 Fips SASDIFSV SASKUTIL truecrypt UimBus Uim_IM
01/07/2009 22:24:19, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
GMER 1.0.15.14972 -
http://www.gmer.netRootkit scan 2009-07-03 10:56:25
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB5C5FFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB5C5CC80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF745D514]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB5C60580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB5C74900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB5C74B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB5C78B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB5C60670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB5C5D210]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745DD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745DFB8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB5C74280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB5C77F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB5C77F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB5C5D070]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF745C3FA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB5C76180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB5C75F40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745E422]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB5C78150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB5C5FBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB5C78540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB5C60190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB5C5D440]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745D7D8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB5C75200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB5C75080]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\usbhub \Device\00000089 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008d hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- EOF - GMER 1.0.15 ----