WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

HijackThis - Please Help Diagnose My Logfile

Started by th4u , Mar 18 2007 04:51 AM

This topic is locked

39 replies to this topic

#16 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:02 PM

Part 2
[quote]---- User code sections - GMER 1.0.12 ----

.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe[404] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[444] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[444] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!StrStrW + FFE34A26 7C9CF908 4 Bytes [ E0, 0B, 8D, 77 ]
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!SHFileOperationW 7CA6FD0A 5 Bytes JMP 10001102 D:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe[768] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe[768] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe[768] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[780] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0B001E
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F05001E
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1B001E
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F17001E
.text D:\Program Files\Comodo\Firewall\cmdagent.exe[892] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F11001E
.text C:\WINDOWS\system32\ctfmon.exe[908] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[908] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[908] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[908] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[908] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[908] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[908] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[908] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SOUNDMAN.EXE[916] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\SOUNDMAN.EXE[916] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[976] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Unlocker\UnlockerAssistant.exe[1032] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\AnalogX\CookieWall\cookie.exe[1084] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[1100] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[1124] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[1124] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[1124] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[1124] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1124] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[1124] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1124] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\csrss.exe[1124] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[1156] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[1200] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1200] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1200] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1200] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1200] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\services.exe[1200] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[1200] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[1212] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1212] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1212] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\lsass.exe[1212] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\lsass.exe[1212] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[1236] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spyware Doctor\swdoctor.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Spyware Doctor\swdoctor.exe[1264] user32.dll!DispatchMessageA 77D496B8 6 Bytes JMP 5F040F5A
.text D:\Program Files\Spyware Doctor\swdoctor.exe[1264] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F140F5A
.text D:\Program Files\Spyware Doctor\swdoctor.exe[1264] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spyware Doctor\swdoctor.exe[1264] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1536] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1576] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 12, 5F ]
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [ 05, 5F ]
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0F001E
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0B001E
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1F001E
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F1B001E
.text D:\Program Files\Comodo\Firewall\cpf.exe[1640] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F15001E
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1660] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1692] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1704] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1712] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe[1748] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe[1768] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\tinySpell\tinyspell.exe[1788] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\tinySpell\tinyspell.exe[1788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\tinySpell\tinyspell.exe[1788] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1796] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Rainlendar2\Rainlendar2.exe[1848] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1872] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2024] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2024] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2024] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2076] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[2188] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2216] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[2256] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2256] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe[2332] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2512] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\PSIService.exe[2548] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\PSIService.exe[2548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\PSIService.exe[2548] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2560] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spyware Doctor\sdhelp.exe[2620] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text D:\Program Files\Spyware Doctor\sdhelp.exe[2620] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Spyware Doctor\sdhelp.exe[2620] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\DeeP125\CoodClip\CoodClip.exe[2720] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] USER32.dll!SetWindowsHo

Advertisements

Register to Remove

#17 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:11 PM

Part 3
[quote].text C:\WINDOWS\system32\tcpsvcs.exe[2816] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\tcpsvcs.exe[2816] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe[3084] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\WordWeb\wweb32.exe[3120] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\WordWeb\wweb32.exe[3120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\WordWeb\wweb32.exe[3120] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Spyware Terminator\sp_rsser.exe[3140] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F1A0F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F160F5A
.text D:\Program Files\Clipboard Magic\ClipboardMagic.exe[3240] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F100F5A
.text D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[3400] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[3400] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[3400] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text D:\Program Files\KO Approach\Approach.exe[3432] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text D:\Program Files\KO Approach\Approach.exe[3432] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\KO Approach\Approach.exe[3432] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text C:\Program Files\WallpaperToy\Wallpapertoy.Exe[3452] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\WallpaperToy\Wallpapertoy.Exe[3452] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WallpaperToy\Wallpapertoy.Exe[3452] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text D:\Program Files\UPHClean\uphclean.exe[3500] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text D:\Program Files\UPHClean\uphclean.exe[3500] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\UPHClean\uphclean.exe[3500] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\alg.exe[4072] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\alg.exe[4072] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\alg.exe[4072] GDI32.dll!Escape 77F26926 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[4668] SHELL32.dll!SHFileOperationW 7CA6FD0A 5 Bytes JMP 10001102 D:\Program Files\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A78C1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A78C1D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A350758
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8A350758
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A71A1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A71A1D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8A3391D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8A78F1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A35B980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A35B980
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 8A78F1D8
Device \Driver\nvata \Device\00000082 IRP_MJ_CREATE 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_CREATE_NAMED_PIPE 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_CLOSE 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_READ 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_WRITE 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_QUERY_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SET_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_QUERY_EA 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SET_EA 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_FLUSH_BUFFERS 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SET_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_DIRECTORY_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_FILE_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SHUTDOWN 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_LOCK_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_CLEANUP 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_CREATE_MAILSLOT 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_QUERY_SECURITY 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SET_SECURITY 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_POWER 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_DEVICE_CHANGE 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_QUERY_QUOTA 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_SET_QUOTA 8A7191D8
Device \Driver\nvata \Device\00000082 IRP_MJ_PNP 8A7191D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 894161D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 894161D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 894161D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 894161D8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE_NAMED_PIPE 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_CLOSE 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_READ 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_WRITE 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_EA 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_EA 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_FLUSH_BUFFERS 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_DIRECTORY_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_FILE_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SHUTDOWN 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_LOCK_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_CLEANUP 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_CREATE_MAILSLOT 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_SECURITY 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_SECURITY 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_POWER 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_DEVICE_CHANGE 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_QUERY_QUOTA 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_SET_QUOTA 8A7191D8
Device \Driver\nvata \Device\00000084 IRP_MJ_PNP 8A7191D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 894161D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 894161D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 894161D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 894161D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A350758
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8A350758
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_CREATE 894161D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_CLOSE 894161D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_INTERNAL_DEVICE_CONTROL 894161D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_CLEANUP 894161D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1490BC0F-C45F-459D-AB26-760E1C0D2FD1} IRP_MJ_PNP 894161D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8A3391D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 8A3391D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 8A7191D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 8936D1D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 8A7191D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device

#18 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:19 PM

Have to add Part 4

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 8936D1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 8936D1D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 8A7191D8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 8A7191D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A78F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A78F1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 8A78D1D8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 8A78D1D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 87AA4278
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 87AA4278
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible A51021F9
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8936B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8936B980

---- Threads - GMER 1.0.12 ----

Thread 4:368 8A3CB8E0
Thread 4:372 8A3CB8E0
Thread 4:376 8A36E8D0
Thread 4:380 8A36E8D0
Thread 4:384 8A36E8D0
Thread 4:692 8A3CB8E0
Thread 4:840 8A3CB8E0

---- Files - GMER 1.0.12 ----

File C:\Documents and Settings\mikewill\My Private Folder\prvflder.dat

---- EOF - GMER 1.0.12 ----

#19 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:43 PM

WinPFind log - part 1

WinPFind logfile created on: 3/21/2007 4:22:29 AM
WinPFind by OldTimer - v2.0.2 Folder = C:\Documents and Settings\mikewill\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

2096620 Kb Total Physical Memory | 984036 Kb Available Physical Memory | 46.93% Memory free
4033632 Kb Paging File | 3072000 Kb Available in Paging File | 76.16% Paging File free
Paging file location: C:\pagefile.sys 2046 4092

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40957684 Kb Total Space | 20055972 Kb Free Space | 48.97% Space Free
Drive D: | 102398276 Kb Total Space | 96669296 Kb Free Space | 94.41% Space Free
Drive E: | 21229864 Kb Total Space | 16966700 Kb Free Space | 79.92% Space Free
Drive F: | 77987508 Kb Total Space | 71761512 Kb Free Space | 92.02% Space Free

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\mikewill\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe ()
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe ()
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINDOWS\system32\PSIService.exe ()
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
D:\Program Files\AnalogX\CookieWall\cookie.exe ()
D:\Program Files\Clipboard Magic\ClipboardMagic.exe (CyberMatrix Corporation, Inc.)
D:\Program Files\Comodo\Firewall\cmdagent.exe (COMODO)
D:\Program Files\Comodo\Firewall\cpf.exe (COMODO)
D:\Program Files\DeeP125\CoodClip\CoodClip.exe (DeeP125)
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
D:\Program Files\Giganology\Gigaget\Gigaget.exe (Giganology Inc.)
D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe (IObit)
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)
D:\Program Files\KO Approach\Approach.exe (KO Software)
D:\Program Files\Maxthon\Maxthon.exe (Maxthon International Ltd.)
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe ()
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
D:\Program Files\Rainlendar2\Rainlendar2.exe ()
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
D:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
D:\Program Files\Spyware Doctor\swdoctor.exe (PC Tools Research Pty Ltd)
D:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
D:\Program Files\tinySpell\tinyspell.exe ()
D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe ()
D:\Program Files\Unlocker\UnlockerAssistant.exe ()
D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe ()
D:\Program Files\WordWeb\wweb32.exe (Antony Lewis)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
= D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Running]
= D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)

(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running]
= D:\Program Files\Comodo\Firewall\cmdagent.exe (COMODO)

(DCSPGSRV) DiamondCS ProcessGuard Service v3.410 [Win32_Own | Auto | Stopped]
= (File not found)

(Diskeeper) Diskeeper [Win32_Own | Auto | Running]
= D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped]
= (File not found)

(InCDsrv) InCD Helper [Win32_Own | Auto | Running]
= D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

(NBService) NBService [Win32_Own | On_Demand | Stopped]
= D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running]
= C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(prfldsvc) Private Folder Service [Win32_Own | Auto | Running]
= D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe ()

(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\PSIService.exe ()

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped]
= C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running]
= D:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)

(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running]
= D:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)

(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running]
= D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

(ULHCLFF) ULHCLFF [Win32_Own | Disabled | Stopped]
= (File not found)

»»»»»»»»»»»»»»»»»»»» Driver Services (Non-Microsoft) »»»»»»»»»»

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped]
= (File not found)

(abp480n5) abp480n5 [Kernel | Disabled | Stopped]
= (File not found)

(adpu160m) adpu160m [Kernel | Disabled | Stopped]
= (File not found)

(Aha154x) Aha154x [Kernel | Disabled | Stopped]
= (File not found)

(aic78u2) aic78u2 [Kernel | Disabled | Stopped]
= (File not found)

(aic78xx) aic78xx [Kernel | Disabled | Stopped]
= (File not found)

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

(AliIde) AliIde [Kernel | Disabled | Stopped]
= (File not found)

(AmdK8) AMD Processor Driver [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

(AmeLanPc) AmeLanPc [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\amelanpc.sys (Alcatel Microelectronics)

(amsint) amsint [Kernel | Disabled | Stopped]
= (File not found)

(asc) asc [Kernel | Disabled | Stopped]
= (File not found)

(asc3350p) asc3350p [Kernel | Disabled | Stopped]
= (File not found)

(asc3550) asc3550 [Kernel | Disabled | Stopped]
= (File not found)

(Atdisk) Atdisk [Kernel | Disabled | Stopped]
= (File not found)

(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\anti_rkt.sys (GRISOFT, s.r.o.)

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running]
= D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.sys ()

(AVG Clean Driver) AVG Clean Driver [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\cleandrv.sys (GRISOFT, s.r.o.)

(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped]
= (File not found)

(Changer) Changer [Kernel | System | Stopped]
= (File not found)

(CmdIde) CmdIde [Kernel | Disabled | Stopped]
= (File not found)

(CmdMon) Comodo Application Engine [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\cmdmon.sys (Comodo Research Lab., Inc.)

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped]
= (File not found)

(dac960nt) dac960nt [Kernel | Disabled | Stopped]
= (File not found)

(dmboot) dmboot [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

(dmload) dmload [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

(dpti2o) dpti2o [Kernel | Disabled | Stopped]
= (File not found)

(hpn) hpn [Kernel | Disabled | Stopped]
= (File not found)

(i2omgmt) i2omgmt [Kernel | System | Stopped]
= (File not found)

(i2omp) i2omp [Kernel | Disabled | Stopped]
= (File not found)

(ikhfile) File Security Kernel Anti-Spyware Driver [File_System | System | Running]
= C:\WINDOWS\system32\drivers\ikhfile.sys (PCTools Research Pty Ltd.)

(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\ikhlayer.sys (PCTools Research Pty Ltd.)

(imagedrv) imagedrv [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\imagedrv.sys (Ahead Software AG)

(imagesrv) imagesrv [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\imagesrv.sys (Ahead Software AG)

(InCDfs) InCD File System [File_System | Disabled | Running]
= C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

(InCDPass) InCDPass [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)

(incdrm) InCD Reader [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)

(ini910u) ini910u [Kernel | Disabled | Stopped]
= (File not found)

(Inspect) Comodo Network Engine [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\inspect.sys (COMODO)

(IntelIde) IntelIde [Kernel | Disabled | Stopped]
= (File not found)

(IsDrv118) IsDrv118 [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\IsDrv118.sys ()

(kl1) kl1 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

(klif) klif [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

(lbrtfdc) lbrtfdc [Kernel | System | Stopped]
= (File not found)

(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\SophosMEMSWEEP.SYS (File not found)

(mraid35x) mraid35x [Kernel | Disabled | Stopped]
= (File not found)

(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\ASACPI.sys ()

(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

(nv) nv [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

(nvata) nvata [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)

(nvax) Service for NVIDIA® nForce™ Audio Enumerator [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)

(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

(nvnforce) Service for NVIDIA® nForce™ Audio [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)

(oreans32) oreans32 [Kernel | System | Stopped]
= (File not found)

(PCIDump) PCIDump [Kernel | System | Stopped]
= (File not found)

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped]
= (File not found)

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped]
= (File not found)

(PDRELI) PDRELI [Kernel | On_Demand | Stopped]
= (File not found)

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped]
= (File not found)

(perc2) perc2 [Kernel | Disabled | Stopped]
= (File not found)

(perc2hib) perc2hib [Kernel | Disabled | Stopped]
= (File not found)

(procguard) procguard [Kernel | Auto | Stopped]
= C:\WINDOWS\system32\drivers\procguard.sys (File not found)

(Prvflder) Prvflder [File_System | Auto | Running]
= C:\WINDOWS\system32\drivers\prvflder.sys (Windows ® 2000 DDK provider)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

(PxHelp20) PxHelp20 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)

(ql1080) ql1080 [Kernel | Disabled | Stopped]
= (File not found)

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped]
= (File not found)

(ql12160) ql12160 [Kernel | Disabled | Stopped]
= (File not found)

(ql1240) ql1240 [Kernel | Disabled | Stopped]
= (File not found)

(ql1280) ql1280 [Kernel | Disabled | Stopped]
= (File not found)

(Secdrv) Secdrv [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\secdrv.sys ()

(Simbad) Simbad [Kernel | Disabled | Stopped]
= (File not found)

(snapman) Acronis Snapshots Manager [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\snapman.sys (Acronis)

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)

(Sparrow) Sparrow [Kernel | Disabled | Stopped]
= (File not found)

(sptd) sptd [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\sptd.sys ()

(sp_rsdrv2) Spyware Terminator Driver 2 [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()

(symc810) symc810 [Kernel | Disabled | Stopped]
= (File not found)

(symc8xx) symc8xx [Kernel | Disabled | Stopped]
= (File not found)

(sym_hi) sym_hi [Kernel | Disabled | Stopped]
= (File not found)

(sym_u3) sym_u3 [Kernel | Disabled | Stopped]
= (File not found)

(tifsfilter) Acronis True Image FS Filter [File_System | Auto | Running]
= C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

(timounter) Acronis True Image Backup Archive Explorer [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\timntr.sys (Acronis)

(tmcomm) tmcomm [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

(TosIde) TosIde [Kernel | Disabled | Stopped]
= (File not found)

(TSP) TSP [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

(ultra) ultra [Kernel | Disabled | Stopped]
= (File not found)

(UWProSys) Process monitor. [Kernel | On_Demand | Stopped]
= D:\Program Files\CyberDefender\AntiSpyware\uwprosys.sys (File not found)

(ViaIde) ViaIde [Kernel | Disabled | Stopped]
= (File not found)

(WDICA) WDICA [Kernel | On_Demand | Stopped]
= (File not found)

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

#20 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:44 PM

Part 2

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware = D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
Acronis Scheduler2 Service = C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
AcronisTimounterMonitor = D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
Advanced WindowsCare V2 Pro = D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe (IObit)
AVP = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)
BitPump = D:\Program Files\AnalogX\BitPump\bitpump.exe ()
COMODO Firewall Pro = D:\Program Files\Comodo\Firewall\cpf.exe (COMODO)
CookieWall = D:\Program Files\AnalogX\CookieWall\cookie.exe ()
Gigaget = D:\Program Files\Giganology\Gigaget\GigagetShell.exe (Giganology Inc.)
muBlinder = C:\Documents and Settings\mikewill\My Documents\Unzipped\muBlinder\muBlinder.exe (KRX)
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
nTrayFw = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
nwiz = C:\WINDOWS\system32\nwiz.exe ()
SoundMan = C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
SpywareTerminator = D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
TrueImageMonitor.exe = D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
UnlockerAssistant = D:\Program Files\Unlocker\UnlockerAssistant.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
Magnifying Glass = D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe ()
Rainlendar2 = D:\Program Files\Rainlendar2\Rainlendar2.exe ()
RoboForm = C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
SpybotSD TeaTimer = D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
Spyware Doctor = D:\Program Files\Spyware Doctor\swdoctor.exe (PC Tools Research Pty Ltd)
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
TBC Pro = D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe ()
tinySpell = D:\Program Files\tinySpell\tinyspell.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*

< Common Startup Folder = C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\CoodClip.lnk
= D:\Program Files\DeeP125\CoodClip\CoodClip.exe (DeeP125)

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
= C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe ()

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WordWeb.lnk
= D:\Program Files\WordWeb\wweb32.exe (Antony Lewis)

< User Startup Folder = C:\Documents and Settings\mikewill\Start Menu\Programs\Startup >
C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\Clipboard Magic.lnk
D:\Program Files\Clipboard Magic\ClipboardMagic.exe (CyberMatrix Corporation, Inc.)

C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\KO Approach.lnk
D:\Program Files\KO Approach\Approach.exe (KO Software)

C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\Wallpaper Changer.lnk
C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
NVIDIA nTune = C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
nwiz = C:\WINDOWS\system32\nwiz.exe ()
DiskeeperSystray = D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
SunJavaUpdateSched = D:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
Google Desktop Search = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
InCD = D:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

>>>>> Disabled Startup Folder Items <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = UltraEdit.ini] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = UltraEdit.js] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> Reg Data - Key not found
htmlfile [open] -> "D:\Program Files\Maxthon\Maxthon.exe" "%1" (Maxthon International Ltd.)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> "D:\Program Files\Maxthon\Maxthon.exe" "%1" (Maxthon International Ltd.)

https [open] -> "D:\Program Files\Maxthon\Maxthon.exe" "%1" (Maxthon International Ltd.)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> "D:\Program Files\Maxthon\Maxthon.exe" "%1" (Maxthon International Ltd.)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> Reg Data - Key not found
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> Reg Data - Key not found
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> Reg Data - Key not found
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> Reg Data - Key not found
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> Reg Data - Key not found

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [cmd] -> cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FSIV] -> "D:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> WOW Settings <<<<<

#21 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:46 PM

Part 3

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = SsiEfr.exe;
ExcludeFromKnownDlls =
PendingFileRenameOperations = \??\C:\DOCUME~1\mikewill\LOCALS~1\Temp\~nsu.tmp\Au_.exe;

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )

>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
DllName = C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
ScanWithAntiVirus = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
LinkResolveIgnoreLinkInfo = 0
NoResolveSearch = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
NoResolveTrack = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
NoSaveSettings = 0
ClearRecentDocsOnExit = ( 0 0 0 0 ) -
LinkResolveIgnoreLinkInfo = 0
NoInstrumentation = 0
NoUserNameInStartMenu = 1
NoToolbarsOnTaskbar = 0
NoSetTaskbar = 0
ClassicShell = 0
NoMovingBands = 0
NoCloseDragDropBands = 0
NoStartMenuMFUprogramsList = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 91922 bytes | Modified Date: 3/20/2007 9:57:14 PM)

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft....k/?LinkId=69157
Default_Search_URL = http://go.microsoft....k/?LinkId=54896
Local Page = C:\WINDOWS\SYSTEM32\blank.htm
Search Page = http://www.google.com
Start Page = http://go.microsoft....k/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Search_URL = http://www.google.com/ie
Local Page = C:\WINDOWS\SYSTEM32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.th4u.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate]
http
https

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\th4u.com\www]
http

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windowsupdate.com\download]
http

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
- GigagetIEHelper Class ( HKLM = C:\WINDOWS\system32\gigagetbho_v10.dll (Giganology Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
- PCTools Site Guard ( HKLM = D:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}]
- &Google Web Accelerator Helper ( HKLM = C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
- Reg Data - Value does not exist ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = D:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
- PCTools Browser Monitor ( HKLM = D:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) )
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Google Web Accelerator ( HKLM = C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) )
{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) )
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Google Web Accelerator ( HKLM = C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll () )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8196 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{320AF880-6646-11D3-ABEE-C5DBF3571F46} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{320AF880-6646-11D3-ABEE-C5DBF3571F49} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{724d43aa-0d85-11d4-9908-00400523e39a} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8198

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKLM D:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKCU D:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}]
ButtonText = ieSpell
MenuText = ieSpell
Script = D:\Program Files\ieSpell\iespell.dll\SPELLCHECK.HTM (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}]
MenuText = ieSpell Options
Script = D:\Program Files\ieSpell\iespell.dll\SPELLOPTION.HTM (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
ButtonText = Web Anti-Virus statistics

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}]
ButtonText = Spyware Doctor
ClsidExtension = {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - PCTools Browser Monitor ( HKLM D:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}]
ButtonText = Fill Forms
MenuText = Fill Forms
Script = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htm (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}]
ButtonText = Save
MenuText = Save Forms
Script = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htm (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{438AFBA1-B0CB-11d2-9214-00104B3BCE5F}]
MenuText = &Document Tree
Script = C:\WINDOWS\Web\tree.htm ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}]
ButtonText = RoboForm
MenuText = RoboForm Toolbar
Script = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Document Tree]
@ = C:\WINDOWS\Web\tree.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All by Gigaget]
@ = D:\Program Files\Giganology\Gigaget\getallurl.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Gigaget]
@ = D:\Program Files\Giganology\Gigaget\geturl.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ieSpell Options]
@ = D:\Program Files\ieSpell\iespell.dll\SPELLOPTION.HTM (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&WordWeb...]
@ = C:\WINDOWS\system32\wweb32.dll\lookup.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Check &Spelling]
@ = D:\Program Files\ieSpell\iespell.dll\SPELLCHECK.HTM (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Customize Menu]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Fill Forms]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Merriam Webster]
@ = D:\Program Files\ieSpell\Merriam Webster.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Wikipedia]
@ = D:\Program Files\ieSpell\wikipedia.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with BitPump]
@ = D:\Program Files\AnalogX\BitPump\ieint.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\RoboForm Toolbar]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save Forms]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English]
@ = Reg Data - Value does not exist (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\View Partial So&urce]
@ = C:\WINDOWS\Web\source.htm ()

>>>>> Approved Shell Extensions <<<<<

#22 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:47 PM

Part 4

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{226b64e8-dc75-4eea-a6c8-abcb4d1d37ff} = Quick Search ( HKLM = Reg Data - Key not found (File not found) )
{2B3453E4-49DF-11D3-8229-0080BE509050} = GMail Drive ( HKLM = C:\WINDOWS\system32\ShellExt\GMailFS.dll (Bjarke Viksoe) )
{2B3453E4-49DF-11D3-8229-0080BE509052} = GMailFS Property Sheet ( HKLM = C:\WINDOWS\system32\ShellExt\GMailFS.dll (Bjarke Viksoe) )
{2B3453E4-49DF-11D3-8229-0080BE509054} = GMailFS Drop Handler ( HKLM = C:\WINDOWS\system32\ShellExt\GMailFS.dll (Bjarke Viksoe) )
{2B3453E4-49DF-11D3-8229-0080BE509056} = GMailFS Context Menu ( HKLM = C:\WINDOWS\system32\ShellExt\GMailFS.dll (Bjarke Viksoe) )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} = Web Anti-Virus statistics ( HKLM = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab) )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEdLiveIcons Class ( HKLM = D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll (Nero AG) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = D:\Program Files\WinRAR\RarExt.dll () )
{BD88A479-9623-4897-8546-BC62B9628F44} = SPTHandler ( HKLM = D:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) )
{C539A15A-3AF9-4c92-B771-50CB78F5C751} = Acronis True Image Shell Context Menu Extension ( HKLM = D:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) )
{C539A15B-3AF9-4c92-B771-50CB78F5C751} = Acronis True Image Shell Extension ( HKLM = D:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) )
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension ( HKLM = D:\Program Files\Unlocker\UnlockerCOM.dll () )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )
{EC9FE983-E520-4D8F-B1A7-ACBCA0439C70} = DQSD Deskbar ( HKLM = C:\Program Files\Quick Search Deskbar\DQSDHost.dll (Dave's Quick Search Deskbar) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{C539A15A-3AF9-4c92-B771-50CB78F5C751}]
- Acronis True Image Shell Context Menu Extension ( HKLM = D:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}]
- NBShellHook Class ( HKLM = D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Cover Designer]
@ = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} ( HKLM = D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\InCDShellExt]
@ = {CAE3251E-9B15-4810-B268-852AD9792A59} ( HKLM = D:\Program Files\Nero\Nero 7\InCD\InCDshx.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus]
@ = {dd230880-495a-11d1-b064-008048ec2fc5} ( HKLM = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\SPTContMenu]
@ = {BD88A479-9623-4897-8546-BC62B9628F44} ( HKLM = D:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\UltraEdit-32]
@ = {b5eedee0-c06e-11cf-8c56-444553540000} ( HKLM = D:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = D:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SPTContMenu]
@ = {BD88A479-9623-4897-8546-BC62B9628F44} ( HKLM = D:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = D:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AgentRansackHere]
@ = {6646F704-1528-4B5C-BAB7-176FA4B5F80A}} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\InCDShellExt]
@ = {CAE3251E-9B15-4810-B268-852AD9792A59} ( HKLM = D:\Program Files\Nero\Nero 7\InCD\InCDshx.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = D:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\{C539A15A-3AF9-4c92-B771-50CB78F5C751}]
- Acronis True Image Shell Context Menu Extension ( HKLM = D:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}]
- NBShellHook Class ( HKLM = D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\InCDShellExt]
@ = {CAE3251E-9B15-4810-B268-852AD9792A59} ( HKLM = D:\Program Files\Nero\Nero 7\InCD\InCDshx.dll (Nero AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus]
@ = {dd230880-495a-11d1-b064-008048ec2fc5} ( HKLM = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\SPTContMenu]
@ = {BD88A479-9623-4897-8546-BC62B9628F44} ( HKLM = D:\Program Files\Spyware Terminator\sptcontmenu.dll (Crawler.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension]
@ = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} ( HKLM = D:\Program Files\Unlocker\UnlockerCOM.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = D:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = D:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
Maxthon = IEAK

>>>>> TCP/IP Configuration <<<<<

#23 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:48 PM

Part 5

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1490BC0F-C45F-459D-AB26-760E1C0D2FD1}]
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.2
DhcpNameServer = 208.67.222.222 208.67.220.220
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 208.67.222.222,208.67.220.220
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1ABCAC03-BBD6-47EB-ADB2-07F59963ECE4}] ( 1394 Net Adapter )
DefaultGateway =
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{877450BF-9B17-407A-925A-E635DFA949AB}] ( ZyXEL P630 ADSL USB Modem (RFC1483 Mode) )
DefaultGateway =
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E4DF1B8-F935-405A-8B0A-EFDB659E2988}] ( Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller )
DefaultGateway =
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com]
CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - ( HKLM C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://download.micr...heckControl.cab
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\DownloadInformation]
CODEBASE = http://downloads.ewi...oOnlineScan.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\DownloadInformation]
CODEBASE = http://www.trendmicr...scan/as4web.cab
INF = C:\WINDOWS\Downloaded Program Files\SpyMD.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.ma...ent/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

»»»»»»»»»»»»»»»»»»»» Files Created Within 60 Days »»»»»»»»»»»»»

C:\boot.ini.comodofirewall [Ver = | Size = 211 bytes | Created Date = 2/13/2007 11:03:53 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\pswi_preloaded.exe [Ver = | Size = 1132112 bytes | Created Date = 3/3/2007 2:06:49 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Acronis True Image Home 10.0.lnk [Ver = | Size = 694 bytes | Created Date = 3/6/2007 11:38:10 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware SE Professional.lnk [Ver = | Size = 753 bytes | Created Date = 3/4/2007 6:59:03 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch SE Professional.lnk [Ver = | Size = 753 bytes | Created Date = 3/4/2007 6:59:03 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall Pro.lnk [Ver = | Size = 690 bytes | Created Date = 3/4/2007 6:45:18 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Corel Paint Shop Pro Photo XI.lnk [Ver = | Size = 1899 bytes | Created Date = 3/3/2007 2:05:53 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Corel Snapfire.lnk [Ver = | Size = 1878 bytes | Created Date = 3/3/2007 2:06:57 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Diskeeper.lnk [Ver = | Size = 1815 bytes | Created Date = 3/1/2007 5:44:58 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Converter.lnk [Ver = | Size = 676 bytes | Created Date = 3/20/2007 11:11:06 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk [Ver = | Size = 667 bytes | Created Date = 3/20/2007 11:11:26 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DriveImage XML.lnk [Ver = | Size = 640 bytes | Created Date = 3/5/2007 6:35:17 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\FastStone Image Viewer.lnk [Ver = | Size = 646 bytes | Created Date = 2/17/2007 4:26:18 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\GetDataBack for NTFS.lnk [Ver = | Size = 668 bytes | Created Date = 3/6/2007 12:52:45 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk [Ver = | Size = 718 bytes | Created Date = 3/17/2007 11:03:48 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero Home.lnk [Ver = | Size = 1341 bytes | Created Date = 3/11/2007 6:34:43 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk [Ver = | Size = 1423 bytes | Created Date = 3/11/2007 6:34:43 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Picasa2.lnk [Ver = | Size = 564 bytes | Created Date = 3/1/2007 7:41:40 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Shortcut to True ADSL Internet.lnk [Ver = | Size = 546 bytes | Created Date = 2/20/2007 9:11:56 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk [Ver = | Size = 656 bytes | Created Date = 3/2/2007 7:33:09 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Terminator.lnk [Ver = | Size = 655 bytes | Created Date = 2/4/2007 8:56:13 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk [Ver = | Size = 634 bytes | Created Date = 3/2/2007 5:56:00 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\ABF Microsoft Outlook Backup 2.3.5.75 + Serial + Crack.rar [Ver = | Size = 2699963 bytes | Created Date = 3/4/2007 10:11:37 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Advanced WindowsCare V2 Pro.lnk [Ver = | Size = 620 bytes | Created Date = 3/2/2007 4:59:04 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\autoruns.exe.lnk [Ver = | Size = 1036 bytes | Created Date = 2/14/2007 1:56:14 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Clipboard Magic.lnk [Ver = | Size = 563 bytes | Created Date = 3/20/2007 5:09:41 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DivX Movies.lnk [Ver = | Size = 646 bytes | Created Date = 3/20/2007 11:11:26 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DriverMax.lnk [Ver = | Size = 631 bytes | Created Date = 3/8/2007 2:45:19 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DupKiller.lnk [Ver = | Size = 584 bytes | Created Date = 3/5/2007 12:03:02 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\ERUNT.lnk [Ver = | Size = 498 bytes | Created Date = 3/2/2007 7:09:03 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Eusing Free Registry Cleaner.lnk [Ver = | Size = 590 bytes | Created Date = 3/2/2007 7:45:48 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Foxit PDF Editor.lnk [Ver = | Size = 483 bytes | Created Date = 3/2/2007 8:05:49 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Foxit Reader.lnk [Ver = | Size = 731 bytes | Created Date = 3/2/2007 7:55:07 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Free Window Registry Repair.lnk [Ver = | Size = 594 bytes | Created Date = 3/8/2007 1:36:03 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\HijackThis.exe.lnk [Ver = | Size = 594 bytes | Created Date = 3/2/2007 5:19:09 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Infra Recorder.lnk [Ver = | Size = 649 bytes | Created Date = 3/12/2007 2:31:26 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\MWSnap 3.lnk [Ver = | Size = 508 bytes | Created Date = 3/8/2007 12:01:57 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\myuninst.exe.lnk [Ver = | Size = 1036 bytes | Created Date = 3/17/2007 7:58:48 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\netgear.cfg [Ver = | Size = 6530 bytes | Created Date = 2/21/2007 12:02:06 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\netgear.cfg:Zone.Identifier (26 bytes)
C:\Documents and Settings\mikewill\Desktop\NTREGOPT.lnk [Ver = | Size = 511 bytes | Created Date = 3/2/2007 7:09:03 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\OEQB.exe.lnk [Ver = | Size = 680 bytes | Created Date = 3/6/2007 3:19:01 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\PC Wizard 2007.lnk [Ver = | Size = 545 bytes | Created Date = 2/15/2007 9:42:24 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\PeerSpider.lnk [Ver = | Size = 1831 bytes | Created Date = 2/28/2007 4:08:57 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\SpyMe Tools.lnk [Ver = | Size = 539 bytes | Created Date = 3/15/2007 3:20:42 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Tcpview.exe.lnk [Ver = | Size = 1020 bytes | Created Date = 2/24/2007 12:37:55 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\TrueImage10.0_ug.en.pdf [Ver = | Size = 3210278 bytes | Created Date = 3/6/2007 6:38:32 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\TrueImage10.0_ug.en.pdf:Zone.Identifier (26 bytes)
C:\Documents and Settings\mikewill\Desktop\WinBackup.lnk [Ver = | Size = 1772 bytes | Created Date = 3/5/2007 5:00:04 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\winMd5Sum.lnk [Ver = | Size = 666 bytes | Created Date = 3/12/2007 1:55:06 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\WinRAR.lnk [Ver = | Size = 594 bytes | Created Date = 3/1/2007 5:35:38 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk [Ver = | Size = 1078 bytes | Created Date = 2/28/2007 2:48:36 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WordWeb.lnk [Ver = | Size = 693 bytes | Created Date = 3/18/2007 12:10:10 AM | Attr = ]
C:\WINDOWS\gmer.dll [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 3/21/2007 3:05:18 AM | Attr = ]
C:\WINDOWS\gmer.exe [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 3/21/2007 3:05:18 AM | Attr = ]
C:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Created Date = 3/21/2007 3:05:33 AM | Attr = ]
C:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Created Date = 3/21/2007 3:05:18 AM | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 28 bytes | Created Date = 2/12/2007 11:35:03 PM | Attr = ]
C:\WINDOWS\system.tmp [Ver = | Size = 231 bytes | Created Date = 2/14/2007 8:46:39 PM | Attr = ]
C:\WINDOWS\win.tmp [Ver = | Size = 2063 bytes | Created Date = 2/14/2007 8:46:39 PM | Attr = ]
C:\WINDOWS\win98Logo.ico [Ver = | Size = 766 bytes | Created Date = 2/22/2007 10:56:16 PM | Attr = ]
C:\WINDOWS\System32\7C609F0E6A.sys [Ver = | Size = 88 bytes | Created Date = 3/3/2007 1:51:51 AM | Attr = RHS]
C:\WINDOWS\System32\acrotls.dll Acronis [Ver = 1,0,0,2 | Size = 17440 bytes | Created Date = 2/9/2007 7:06:26 PM | Attr = ]
C:\WINDOWS\System32\AmeCfg.ini [Ver = | Size = 3005 bytes | Created Date = 2/20/2007 9:08:24 AM | Attr = ]
C:\WINDOWS\System32\AmeCSA.cpl Alcatel Microelectronics [Ver = 3, 0, 0, 9 | Size = 761856 bytes | Created Date = 2/20/2007 9:08:24 AM | Attr = ]
C:\WINDOWS\System32\amecsa.GID [Ver = | Size = 8628 bytes | Created Date = 2/21/2007 12:36:15 AM | Attr = H ]
C:\WINDOWS\System32\Amecsa.hlp [Ver = | Size = 31680 bytes | Created Date = 2/20/2007 9:08:23 AM | Attr = ]
C:\WINDOWS\System32\AMECSARemove.exe [Ver = | Size = 24576 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\AMEInstall.exe [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\Amelanpc.sys Alcatel Microelectronics [Ver = 3.2.23.16 | Size = 118347 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\AMELaunchUninst.exe [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\AmeLogo.bmp [Ver = | Size = 3958 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\AmeSplash.bmp [Ver = | Size = 864918 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\AMEUninst2000.exe [Ver = | Size = 90112 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\AmeUSB.inf [Ver = | Size = 13591 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\Api32.dll [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\AutoPartNt.exe Acronis [Ver = 8,0,0,341 | Size = 1245216 bytes | Created Date = 3/7/2007 1:38:54 AM | Attr = ]
C:\WINDOWS\System32\AutoPartNt.let [Ver = | Size = 1024 bytes | Created Date = 3/7/2007 1:38:54 AM | Attr = ]
C:\WINDOWS\System32\Chip.dll [Ver = | Size = 34308 bytes | Created Date = 3/1/2007 6:24:34 AM | Attr = ]
C:\WINDOWS\System32\Cleanup.exe [Ver = | Size = 106496 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\CsaLogo.bmp [Ver = | Size = 3958 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\CustomizeNdisParams.exe [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\DelCSA.exe [Ver = | Size = 24576 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\DisconnectPPPoE.exe [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\DivX.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Created Date = 2/23/2007 11:25:19 AM | Attr = ]
C:\WINDOWS\System32\DivXCodecUpdateChecker.exe DivX, Inc. [Ver = 6, 2, 5, 7 | Size = 124472 bytes | Created Date = 2/16/2007 8:40:35 AM | Attr = ]
C:\WINDOWS\System32\divxdec.ax DivX, Inc. [Ver = 6.5.1.0 | Size = 679936 bytes | Created Date = 2/23/2007 11:25:13 AM | Attr = ]
C:\WINDOWS\System32\DivXMedia.ax DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 2/23/2007 11:25:12 AM | Attr = ]
C:\WINDOWS\System32\DivXsm.exe DivX Inc. [Ver = 6, 5, 1, 0 | Size = 524288 bytes | Created Date = 2/23/2007 11:29:58 AM | Attr = ]
C:\WINDOWS\System32\divxsm.tlb [Ver = | Size = 4816 bytes | Created Date = 2/23/2007 11:29:58 AM | Attr = ]
C:\WINDOWS\System32\divx_xx07.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Created Date = 2/23/2007 11:25:19 AM | Attr = ]
C:\WINDOWS\System32\divx_xx0c.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Created Date = 2/23/2007 11:25:19 AM | Attr = ]
C:\WINDOWS\System32\divx_xx11.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 802816 bytes | Created Date = 2/23/2007 11:25:19 AM | Attr = ]
C:\WINDOWS\System32\dpl100.dll DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpu10.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2/23/2007 11:25:22 AM | Attr = ]
C:\WINDOWS\System32\dpu11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2/23/2007 11:25:22 AM | Attr = ]
C:\WINDOWS\System32\dpuGUI10.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 2/23/2007 11:25:23 AM | Attr = ]
C:\WINDOWS\System32\dpuGUI11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 2/23/2007 11:25:22 AM | Attr = ]
C:\WINDOWS\System32\dpus11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 2/23/2007 11:25:22 AM | Attr = ]
C:\WINDOWS\System32\dpv11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 2/23/2007 11:25:22 AM | Attr = ]
C:\WINDOWS\System32\DslDi32.dll [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 8:50:18 AM | Attr = R ]
C:\WINDOWS\System32\dtu100.dll DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\FileList.ini [Ver = | Size = 4408 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\fw-usb.bin [Ver = | Size = 290256 bytes | Created Date = 2/20/2007 9:08:26 AM | Attr = ]
C:\WINDOWS\System32\Gains.ini [Ver = | Size = 312 bytes | Created Date = 2/20/2007 9:08:23 AM | Attr = ]
C:\WINDOWS\System32\GainSettings.exe [Ver = | Size = 45056 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\ImageDrive.cpl Nero AG [Ver = 3.0.0.12 | Size = 143360 bytes | Created Date = 3/12/2007 2:19:27 AM | Attr = ]
C:\WINDOWS\System32\INIT-USB.BIN [Ver = | Size = 1208 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\InstallMOF.bat [Ver = | Size = 29 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/1/2007 8:05:45 PM | Attr = ]
C:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 2/27/2007 9:19:46 PM | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/1/2007 8:05:45 PM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 3/1/2007 8:05:45 PM | Attr = ]
C:\WINDOWS\System32\klogon.dll Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Created Date = 1/29/2007 11:04:00 PM | Attr = ]
C:\WINDOWS\System32\libdivx.dll The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2/23/2007 11:29:49 AM | Attr = ]
C:\WINDOWS\System32\madCHook.dll www.madshi.net [Ver = 2.2.2.0 | Size = 126464 bytes | Created Date = 3/15/2007 3:20:42 AM | Attr = ]
C:\WINDOWS\System32\MultLang.dll [Ver = 5, 0, 0, 1 | Size = 319488 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\NotifyPhoneBook.exe [Ver = | Size = 81920 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\Ntw98new.cat [Ver = | Size = 1 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\Packet.dll CACE Technologies [Ver = 4.0.0.755 | Size = 88952 bytes | Created Date = 1/26/2007 12:31:34 AM | Attr = ]
C:\WINDOWS\System32\PCWizard.cpl [Ver = 2007, 1, 7, 2 | Size = 27136 bytes | Created Date = 3/1/2007 9:19:19 PM | Attr = ]
C:\WINDOWS\System32\PnpFix.exe [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 9:08:22 AM | Attr = ]
C:\WINDOWS\System32\PPPoE.mof [Ver = | Size = 564 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\Process.avi [Ver = | Size = 698880 bytes | Created Date = 2/20/2007 9:08:23 AM | Attr = ]
C:\WINDOWS\System32\pthreadVC.dll [Ver = | Size = 53299 bytes | Created Date = 1/26/2007 12:31:36 AM | Attr = ]
C:\WINDOWS\System32\pxafs.dll Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Created Date = 1/26/2007 10:55:40 PM | Attr = ]
C:\WINDOWS\System32\pxsfs.dll Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Created Date = 1/26/2007 10:55:40 PM | Attr = ]
C:\WINDOWS\System32\qt-dx331.dll [Ver = | Size = 3596288 bytes | Created Date = 2/23/2007 11:29:56 AM | Attr = ]
C:\WINDOWS\System32\Ras2000.exe [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\RasXP.exe [Ver = | Size = 65536 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\relog_ap.dll Acronis [Ver = 1,0,0,10 | Size = 14368 bytes | Created Date = 2/9/2007 8:39:26 PM | Attr = ]
C:\WINDOWS\System32\RemDial.exe [Ver = | Size = 32768 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\RenCSA.exe [Ver = | Size = 24576 bytes | Created Date = 2/20/2007 9:08:23 AM | Attr = ]
C:\WINDOWS\System32\RFC1483.inf [Ver = | Size = 9815 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\RShort2k.exe [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\snapapi.dll Acronis [Ver = 3.0 build 303 | Size = 206368 bytes | Created Date = 2/9/2007 6:49:24 PM | Attr = ]
C:\WINDOWS\System32\Snetcfg.exe Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 12507 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\ssldivx.dll The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2/23/2007 11:29:49 AM | Attr = ]
C:\WINDOWS\System32\UninstPPPoE.exe [Ver = | Size = 28672 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\usb_rfc.cat [Ver = | Size = 0 bytes | Created Date = 2/20/2007 9:08:22 AM | Attr = ]
C:\WINDOWS\System32\Utility.exe [Ver = | Size = 110592 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\WaitMsg.exe [Ver = 1, 0, 0, 1 | Size = 204800 bytes | Created Date = 2/20/2007 9:08:24 AM | Attr = ]
C:\WINDOWS\System32\WanPacket.dll CACE Technologies [Ver = 4.0.0.755 | Size = 68480 bytes | Created Date = 1/26/2007 12:31:34 AM | Attr = ]
C:\WINDOWS\System32\Wip.exe [Ver = | Size = 36864 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\WipCfg.ini [Ver = | Size = 101 bytes | Created Date = 2/20/2007 9:08:20 AM | Attr = ]
C:\WINDOWS\System32\WipDUN.exe [Ver = 1, 0, 0, 1 | Size = 241664 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\Wippppoe.dll [Ver = | Size = 38868 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\wippppoe.sys Alcatel Microelectronics [Ver = 1.0.0.10 | Size = 30024 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\wpcap.dll CACE Technologies [Ver = 4.0.0.755 | Size = 240496 bytes | Created Date = 1/26/2007 12:31:36 AM | Attr = ]
C:\WINDOWS\System32\Wp_mport.inf [Ver = | Size = 1695 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\Wp_proto.inf [Ver = | Size = 3299 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\drivers\amelanpc.sys Alcatel Microelectronics [Ver = 3.2.23.16 | Size = 118347 bytes | Created Date = 2/20/2007 9:08:25 AM | Attr = ]
C:\WINDOWS\System32\drivers\cmdmon.sys Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 3/4/2007 6:44:56 PM | Attr = ]
C:\WINDOWS\System32\drivers\fidbox.dat [Ver = | Size = 40590624 bytes | Created Date = 1/2/1601 5:00:00 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox.idx [Ver = | Size = 547496 bytes | Created Date = 1/2/1601 5:00:00 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.dat [Ver = | Size = 2214688 bytes | Created Date = 1/2/1601 5:00:00 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.idx [Ver = | Size = 213416 bytes | Created Date = 1/2/1601 5:00:00 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fw-usb.bin [Ver = | Size = 290256 bytes | Created Date = 2/20/2007 9:08:26 AM | Attr = ]
C:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 3/21/2007 3:05:18 AM | Attr = ]
C:\WINDOWS\System32\drivers\ikhfile.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 2/14/2007 8:17:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\ikhlayer.sys PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 2/14/2007 8:17:33 PM | Attr = ]
C:\WINDOWS\System32\drivers\init-usb.bin [Ver = | Size = 1208 bytes | Created Date = 2/20/2007 9:08:21 AM | Attr = ]
C:\WINDOWS\System32\drivers\inspect.sys COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 3/4/2007 6:44:56 PM | Attr = ]
C:\WINDOWS\System32\drivers\IsDrv118.sys [Ver = | Size = 160955 bytes | Created Date = 1/21/2007 12:19:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\kl1.sys Kaspersky Lab [Ver = 6.1.13.0 | Size = 109848 bytes | Created Date = 1/25/2007 7:27:38 PM | Attr = ]
C:\WINDOWS\System32\drivers\klick.dat [Ver = | Size = 75932 bytes | Created Date = 2/2/2007 2:05:57 PM | Attr = ]
C:\WINDOWS\System32\drivers\klif.sys Kaspersky Lab [Ver = 6.12.10.261 | Size = 175888 bytes | Created Date = 1/27/2007 5:52:46 PM | Attr = ]
C:\WINDOWS\System32\drivers\klin.dat [Ver = | Size = 74396 bytes | Created Date = 2/2/2007 2:05:57 PM | Attr = ]
C:\WINDOWS\System32\drivers\klop.dat [Ver = | Size = 23196 bytes | Created Date = 1/29/2007 11:09:14 PM | Attr = ]
C:\WINDOWS\System32\drivers\npf.sys CACE Technologies [Ver = 4.0.0.755 | Size = 42000 bytes | Created Date = 1/26/2007 12:31:34 AM | Attr = ]
C:\WINDOWS\System32\drivers\snapman.sys Acronis [Ver = 3.0 build 303 | Size = 114048 bytes | Created Date = 3/6/2007 11:38:11 PM | Attr = ]
C:\WINDOWS\System32\drivers\SNAPRSTR.SYS Acronis [Ver = 1.0 build 60 | Size = 605216 bytes | Created Date = 3/15/2007 2:13:38 AM | Attr = ]
C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [Ver = | Size = 135936 bytes | Created Date = 2/4/2007 8:59:15 PM | Attr = ]
C:\WINDOWS\System32\drivers\StrFilter.sys Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 6511 bytes | Created Date = 2/20/2007 9:08:22 AM | Attr = ]
C:\WINDOWS\System32\drivers\tifsfilt.sys Acronis [Ver = 3.3 build 444 | Size = 32768 bytes | Created Date = 3/6/2007 11:38:29 PM | Attr = ]
C:\WINDOWS\System32\drivers\timntr.sys Acronis [Ver = 3.3 build 444 | Size = 392320 bytes | Created Date = 3/6/2007 11:38:29 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.20070320-215703.backup [Ver = | Size = 81683 bytes | Created Date = 3/20/2007 9:57:13 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»

#24 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:50 PM

Part 6

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\boot.ini [Ver = | Size = 398 bytes | Modified Date = 3/15/2007 2:13:40 AM | Attr = HS]
C:\Documents and Settings\All Users.WINDOWS\Application Data\pswi_preloaded.exe [Ver = | Size = 1132112 bytes | Modified Date = 3/3/2007 2:06:52 AM | Attr = ]
C:\Documents and Settings\mikewill\Application Data\.googlewebacchosts [Ver = | Size = 12199 bytes | Modified Date = 3/20/2007 11:33:34 PM | Attr = ]
C:\Documents and Settings\mikewill\Local Settings\Application Data\IconCache.db [Ver = | Size = 12896978 bytes | Modified Date = 3/20/2007 11:33:40 PM | Attr = H ]
C:\Documents and Settings\mikewill\My Documents\informer.config [Ver = | Size = 2184 bytes | Modified Date = 3/8/2007 8:19:04 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Acronis True Image Home 10.0.lnk [Ver = | Size = 694 bytes | Modified Date = 3/6/2007 11:38:12 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware SE Professional.lnk [Ver = | Size = 753 bytes | Modified Date = 3/4/2007 6:59:04 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch SE Professional.lnk [Ver = | Size = 753 bytes | Modified Date = 3/4/2007 6:59:04 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Firewall Pro.lnk [Ver = | Size = 690 bytes | Modified Date = 3/4/2007 6:45:20 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Corel Paint Shop Pro Photo XI.lnk [Ver = | Size = 1899 bytes | Modified Date = 3/3/2007 2:05:54 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Corel Snapfire.lnk [Ver = | Size = 1878 bytes | Modified Date = 3/3/2007 2:06:58 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Diskeeper.lnk [Ver = | Size = 1815 bytes | Modified Date = 3/1/2007 6:21:34 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Converter.lnk [Ver = | Size = 676 bytes | Modified Date = 3/20/2007 11:11:08 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk [Ver = | Size = 667 bytes | Modified Date = 3/20/2007 11:11:28 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DriveImage XML.lnk [Ver = | Size = 640 bytes | Modified Date = 3/5/2007 6:35:18 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\FastStone Image Viewer.lnk [Ver = | Size = 646 bytes | Modified Date = 3/1/2007 7:31:26 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\GetDataBack for NTFS.lnk [Ver = | Size = 668 bytes | Modified Date = 3/6/2007 12:52:46 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk [Ver = | Size = 718 bytes | Modified Date = 3/17/2007 11:06:36 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Kurlo.lnk [Ver = | Size = 544 bytes | Modified Date = 3/1/2007 8:09:18 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Media Player Classic.lnk [Ver = | Size = 768 bytes | Modified Date = 3/9/2007 7:43:38 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk [Ver = | Size = 696 bytes | Modified Date = 3/1/2007 1:41:36 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero Home.lnk [Ver = | Size = 1341 bytes | Modified Date = 3/11/2007 6:34:44 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk [Ver = | Size = 1423 bytes | Modified Date = 3/11/2007 6:34:44 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Picasa2.lnk [Ver = | Size = 564 bytes | Modified Date = 3/1/2007 7:41:42 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Rainlendar2.lnk [Ver = | Size = 690 bytes | Modified Date = 3/1/2007 8:58:08 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Shortcut to True ADSL Internet.lnk [Ver = | Size = 546 bytes | Modified Date = 2/20/2007 9:11:58 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk [Ver = | Size = 656 bytes | Modified Date = 3/2/2007 7:33:10 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Terminator.lnk [Ver = | Size = 655 bytes | Modified Date = 3/2/2007 2:49:50 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk [Ver = | Size = 634 bytes | Modified Date = 3/2/2007 5:56:02 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\ABF Microsoft Outlook Backup 2.3.5.75 + Serial + Crack.rar [Ver = | Size = 2699963 bytes | Modified Date = 3/4/2007 10:18:54 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Advanced WindowsCare V2 Pro.lnk [Ver = | Size = 620 bytes | Modified Date = 3/2/2007 4:59:06 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\CCleaner.lnk [Ver = | Size = 654 bytes | Modified Date = 3/9/2007 6:09:52 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Clipboard Magic.lnk [Ver = | Size = 563 bytes | Modified Date = 3/20/2007 5:09:42 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DivX Movies.lnk [Ver = | Size = 646 bytes | Modified Date = 3/20/2007 11:11:32 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DriverMax.lnk [Ver = | Size = 631 bytes | Modified Date = 3/8/2007 2:45:20 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\DupKiller.lnk [Ver = | Size = 584 bytes | Modified Date = 3/5/2007 12:03:04 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\ERUNT.lnk [Ver = | Size = 498 bytes | Modified Date = 3/2/2007 7:09:04 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Eusing Free Registry Cleaner.lnk [Ver = | Size = 590 bytes | Modified Date = 3/2/2007 7:45:50 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\FileZilla.lnk [Ver = | Size = 666 bytes | Modified Date = 3/1/2007 6:09:54 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Foxit PDF Editor.lnk [Ver = | Size = 483 bytes | Modified Date = 3/2/2007 8:05:50 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Foxit Reader.lnk [Ver = | Size = 731 bytes | Modified Date = 3/2/2007 7:55:08 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Free Window Registry Repair.lnk [Ver = | Size = 594 bytes | Modified Date = 3/8/2007 1:36:04 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Gigaget.lnk [Ver = | Size = 610 bytes | Modified Date = 3/1/2007 5:07:56 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\HijackThis.exe.lnk [Ver = | Size = 594 bytes | Modified Date = 3/2/2007 5:19:10 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Infra Recorder.lnk [Ver = | Size = 649 bytes | Modified Date = 3/12/2007 2:31:28 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Maxthon.lnk [Ver = | Size = 638 bytes | Modified Date = 3/1/2007 2:00:46 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\MWSnap 3.lnk [Ver = | Size = 508 bytes | Modified Date = 3/8/2007 12:01:58 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\myuninst.exe.lnk [Ver = | Size = 1036 bytes | Modified Date = 3/17/2007 7:58:50 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\netgear.cfg [Ver = | Size = 6530 bytes | Modified Date = 2/21/2007 12:02:28 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\netgear.cfg:Zone.Identifier (26 bytes)
C:\Documents and Settings\mikewill\Desktop\NTREGOPT.lnk [Ver = | Size = 511 bytes | Modified Date = 3/2/2007 7:09:04 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\OEQB.exe.lnk [Ver = | Size = 680 bytes | Modified Date = 3/6/2007 3:19:02 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\PC Wizard 2007.lnk [Ver = | Size = 545 bytes | Modified Date = 3/1/2007 9:19:20 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\PeerSpider.lnk [Ver = | Size = 1831 bytes | Modified Date = 3/2/2007 8:00:44 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Smart Data Recovery.lnk [Ver = | Size = 687 bytes | Modified Date = 3/1/2007 1:45:20 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Spybot - Search & Destroy.lnk [Ver = | Size = 793 bytes | Modified Date = 3/1/2007 6:25:40 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\SpyMe Tools.lnk [Ver = | Size = 539 bytes | Modified Date = 3/15/2007 3:20:44 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\SpywareBlaster.lnk [Ver = | Size = 560 bytes | Modified Date = 3/1/2007 7:26:28 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\Tcpview.exe.lnk [Ver = | Size = 1020 bytes | Modified Date = 2/24/2007 12:37:56 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\TrueImage10.0_ug.en.pdf [Ver = | Size = 3210278 bytes | Modified Date = 3/6/2007 6:38:42 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\TrueImage10.0_ug.en.pdf:Zone.Identifier (26 bytes)
C:\Documents and Settings\mikewill\Desktop\WinBackup.lnk [Ver = | Size = 1772 bytes | Modified Date = 3/5/2007 5:00:06 PM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\winMd5Sum.lnk [Ver = | Size = 666 bytes | Modified Date = 3/12/2007 1:55:08 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\WinRAR.lnk [Ver = | Size = 594 bytes | Modified Date = 3/1/2007 5:35:40 AM | Attr = ]
C:\Documents and Settings\mikewill\Desktop\ZSoft Uninstaller.lnk [Ver = | Size = 672 bytes | Modified Date = 3/1/2007 4:58:16 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk [Ver = | Size = 1078 bytes | Modified Date = 2/28/2007 2:48:38 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WordWeb.lnk [Ver = | Size = 693 bytes | Modified Date = 3/18/2007 12:10:12 AM | Attr = ]
C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\Clipboard Magic.lnk [Ver = | Size = 631 bytes | Modified Date = 3/20/2007 5:14:10 PM | Attr = ]
C:\Documents and Settings\mikewill\Start Menu\Programs\Startup\KO Approach.lnk [Ver = | Size = 591 bytes | Modified Date = 3/2/2007 3:05:52 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 3/20/2007 11:34:58 PM | Attr = S]
C:\WINDOWS\gmer.dll [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 3/21/2007 3:05:20 AM | Attr = ]
C:\WINDOWS\gmer.exe [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 3/7/2007 3:52:36 PM | Attr = ]
C:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Modified Date = 3/21/2007 3:05:34 AM | Attr = ]
C:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Modified Date = 3/21/2007 3:05:20 AM | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 3047 bytes | Modified Date = 3/20/2007 10:50:28 PM | Attr = ]
C:\WINDOWS\msvrc20.dll [Ver = | Size = 10073 bytes | Modified Date = 3/2/2007 4:22:24 AM | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 231 bytes | Modified Date = 3/9/2007 3:48:44 AM | Attr = ]
C:\WINDOWS\system.tmp [Ver = | Size = 231 bytes | Modified Date = 3/9/2007 3:48:44 AM | Attr = ]
C:\WINDOWS\System32\4457ACAD86.sys [Ver = | Size = 168 bytes | Modified Date = 3/3/2007 12:47:18 PM | Attr = RHS]
C:\WINDOWS\System32\7C609F0E6A.sys [Ver = | Size = 88 bytes | Modified Date = 3/3/2007 2:59:24 AM | Attr = RHS]
C:\WINDOWS\System32\AmeCfg.ini [Ver = | Size = 3005 bytes | Modified Date = 2/20/2007 9:08:28 AM | Attr = ]
C:\WINDOWS\System32\amecsa.GID [Ver = | Size = 8628 bytes | Modified Date = 2/21/2007 12:38:02 AM | Attr = H ]
C:\WINDOWS\System32\AutoPartNt.exe Acronis [Ver = 8,0,0,341 | Size = 1245216 bytes | Modified Date = 3/7/2007 1:38:56 AM | Attr = ]
C:\WINDOWS\System32\AutoPartNt.let [Ver = | Size = 1024 bytes | Modified Date = 3/7/2007 1:40:36 AM | Attr = ]
C:\WINDOWS\System32\BASSMOD.dll [Ver = | Size = 13312 bytes | Modified Date = 3/5/2007 3:02:26 AM | Attr = ]
C:\WINDOWS\System32\Chip.dll [Ver = | Size = 34308 bytes | Modified Date = 3/2/2007 7:34:38 PM | Attr = ]
C:\WINDOWS\System32\default_user_class.dat [Ver = | Size = 262144 bytes | Modified Date = 2/21/2007 12:42:52 AM | Attr = ]
C:\WINDOWS\System32\DivX.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/23/2007 11:25:20 AM | Attr = ]
C:\WINDOWS\System32\divxdec.ax DivX, Inc. [Ver = 6.5.1.0 | Size = 679936 bytes | Modified Date = 2/23/2007 11:25:14 AM | Attr = ]
C:\WINDOWS\System32\DivXMedia.ax DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 2/23/2007 11:25:14 AM | Attr = ]
C:\WINDOWS\System32\DivXsm.exe DivX Inc. [Ver = 6, 5, 1, 0 | Size = 524288 bytes | Modified Date = 2/23/2007 11:30:00 AM | Attr = ]
C:\WINDOWS\System32\divxsm.tlb [Ver = | Size = 4816 bytes | Modified Date = 2/23/2007 11:30:00 AM | Attr = ]
C:\WINDOWS\System32\divx_xx07.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Modified Date = 2/23/2007 11:25:20 AM | Attr = ]
C:\WINDOWS\System32\divx_xx0c.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Modified Date = 2/23/2007 11:25:20 AM | Attr = ]
C:\WINDOWS\System32\divx_xx11.dll DivX, Inc. [Ver = 6.5.0.53 | Size = 802816 bytes | Modified Date = 2/23/2007 11:25:20 AM | Attr = ]
C:\WINDOWS\System32\dpl100.dll DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 2/23/2007 11:25:26 AM | Attr = ]
C:\WINDOWS\System32\dpu10.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpu11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpuGUI10.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpuGUI11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpus11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dpv11.dll DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 2/23/2007 11:25:24 AM | Attr = ]
C:\WINDOWS\System32\dtu100.dll DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 2/23/2007 11:25:26 AM | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/1/2007 8:05:34 PM | Attr = ]
C:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 3/1/2007 8:05:34 PM | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/1/2007 8:05:34 PM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 3/1/2007 8:05:34 PM | Attr = ]
C:\WINDOWS\System32\KGyGaAvL.sys [Ver = | Size = 7934 bytes | Modified Date = 3/3/2007 12:47:18 PM | Attr = HS]
C:\WINDOWS\System32\libdivx.dll The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2/23/2007 11:29:50 AM | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Modified Date = 3/20/2007 6:28:42 PM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 70738 bytes | Modified Date = 3/6/2007 3:16:06 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 437262 bytes | Modified Date = 3/6/2007 3:16:06 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 517938 bytes | Modified Date = 3/6/2007 3:16:06 PM | Attr = ]
C:\WINDOWS\System32\qt-dx331.dll [Ver = | Size = 3596288 bytes | Modified Date = 2/23/2007 11:29:58 AM | Attr = ]
C:\WINDOWS\System32\RFC1483.inf [Ver = | Size = 9815 bytes | Modified Date = 2/20/2007 9:08:28 AM | Attr = ]
C:\WINDOWS\System32\ssldivx.dll The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2/23/2007 11:29:50 AM | Attr = ]
C:\WINDOWS\System32\toyhide.bmp [Ver = | Size = 3145782 bytes | Modified Date = 3/21/2007 2:29:36 AM | Attr = H ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2206 bytes | Modified Date = 3/18/2007 2:57:02 AM | Attr = ]
C:\WINDOWS\System32\wweb32.dll Antony Lewis [Ver = 5.0.0.0 | Size = 1042304 bytes | Modified Date = 3/2/2007 8:26:00 PM | Attr = ]
C:\WINDOWS\System32\drivers\cmdmon.sys Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 3/4/2007 6:44:56 PM | Attr = ]
C:\WINDOWS\System32\drivers\fidbox.dat [Ver = | Size = 40590624 bytes | Modified Date = 3/21/2007 4:08:46 AM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox.idx [Ver = | Size = 547496 bytes | Modified Date = 3/20/2007 11:34:04 PM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.dat [Ver = | Size = 2214688 bytes | Modified Date = 3/21/2007 4:19:36 AM | Attr = HS]
C:\WINDOWS\System32\drivers\fidbox2.idx [Ver = | Size = 213416 bytes | Modified Date = 3/20/2007 11:34:04 PM | Attr = HS]
C:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 3/21/2007 3:05:20 AM | Attr = ]
C:\WINDOWS\System32\drivers\inspect.sys COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 3/4/2007 6:44:56 PM | Attr = ]
C:\WINDOWS\System32\drivers\klick.dat [Ver = | Size = 75932 bytes | Modified Date = 3/15/2007 3:10:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\klin.dat [Ver = | Size = 74396 bytes | Modified Date = 3/15/2007 3:10:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\snapman.sys Acronis [Ver = 3.0 build 303 | Size = 114048 bytes | Modified Date = 3/6/2007 11:38:12 PM | Attr = ]
C:\WINDOWS\System32\drivers\SNAPRSTR.SYS Acronis [Ver = 1.0 build 60 | Size = 605216 bytes | Modified Date = 3/15/2007 2:13:42 AM | Attr = ]
C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [Ver = | Size = 135936 bytes | Modified Date = 3/10/2007 6:44:46 PM | Attr = ]
C:\WINDOWS\System32\drivers\tifsfilt.sys Acronis [Ver = 3.3 build 444 | Size = 32768 bytes | Modified Date = 3/6/2007 11:38:30 PM | Attr = ]
C:\WINDOWS\System32\drivers\timntr.sys Acronis [Ver = 3.3 build 444 | Size = 392320 bytes | Modified Date = 3/6/2007 11:38:30 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.20070320-215703.backup [Ver = | Size = 81683 bytes | Modified Date = 3/20/2007 7:11:14 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2 (162 bytes)
@Alternate Data Stream - C:\Documents and Settings\mikewill\My Documents\-'mininova.org'-_Alcohol120_retail_196_4719_Crack_Working_By_Yes_no-((Demonoid.com))_1967398.4252.torrent:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\mikewill\My Documents\rtp606.pdf:Zone.Identifier (26 bytes)
[UPX! , UPX0 , ]C:\Documents and Settings\mikewill\Desktop\gorilla-1.4.exe (Equi4 Software)
[UPX! , UPX0 , ]C:\Documents and Settings\mikewill\Desktop\HijackThis.exe (Soeperman Enterprises Ltd.)
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\netgear.cfg:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\mikewill\Desktop\TrueImage10.0_ug.en.pdf:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\WINDOWS\ODBCINST.INI:hii (64 bytes)
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
[WSUD , ]C:\WINDOWS\System32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\PCWizard.cpl ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[PTech , ]C:\WINDOWS\System32\dllcache\mtlstrm.sys (Smart Link)
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\HOSTS ()
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20070320-215703.backup ()

< End of report >

#25 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 03:53 PM

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:48:19 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe
D:\Program Files\tinySpell\tinyspell.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\DeeP125\CoodClip\CoodClip.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\Program Files\WordWeb\wweb32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\Clipboard Magic\ClipboardMagic.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\KO Approach\Approach.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
D:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Giganology\Gigaget\Gigaget.exe
D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\mikewill\Desktop\WinPFind\WinPFind.exe
D:\Program Files\Win32Pad\win32pad.exe
D:\Downloads\WinPcap_4_0.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\mikewill\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.th4u.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitPump] "D:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CookieWall] D:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\mikewill\My Documents\Unzipped\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [TBC Pro] "D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe"
O4 - HKCU\..\Run: [tinySpell] D:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Magnifying Glass] "D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
O4 - Startup: Clipboard Magic.lnk = D:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: KO Approach.lnk = D:\Program Files\KO Approach\Approach.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: CoodClip.lnk = D:\Program Files\DeeP125\CoodClip\CoodClip.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with BitPump - D:\Program Files\AnalogX\BitPump\ieint.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.th4u.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1490BC0F-C45F-459D-AB26-760E1C0D2FD1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

If some of my posts are not clear enough, please let me know and I will repost them.
Thank you very much!

Advertisements

Register to Remove

#26 random/random

MRU Expert

Malware Expert
481 posts

Posted 20 March 2007 - 03:55 PM

The GMER log showed some evidence of a rootkit

Download Catchme by GMER from here and save it your desktop
Double click on catchme.exe to launch Catchme
This will open a DOS window
When the scan has finished, this message will be displayed:

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Close the DOS window
A log will be created on your desktop called catchme.log
Use notepad to open the log
Copy and paste the contents of the log as a reply to this topic

Download AVG Anti Rootkit© by Grisoft and save it to your desktop.
Double-click on AVG_AntiRootkit.exe to run it.
Click I Agree to agree to the EULA.
By default it will install to "C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta"
Click Next to begin the installation then click Install
It will then ask you to reboot now to finish the installation.
Click Finish and your computer will reboot.
After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
Click on the Perform in-depth search button to begin the scan.
The scan will take a while so be patient and let it complete.
When the scan is finished, click the Save result to file button.
Save the scan results to your desktop
Copy and Paste the scan results here

Post back with the catchme log, the avg-antirootkit log and a new HijackThis log

#27 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 04:10 PM

catchme.log

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

#28 th4u

Authentic Member

Authentic Member
29 posts

Posted 20 March 2007 - 04:48 PM

Re: AVG_AntiRootkit
I performed in-depth search, and was informed (by a pop up window) that "No rootkits found". The Save result to file button is grayed out.

Re: HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 5:44:54 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\tinySpell\tinyspell.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\PSIService.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
D:\Program Files\DeeP125\CoodClip\CoodClip.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\Program Files\WordWeb\wweb32.exe
D:\Program Files\Clipboard Magic\ClipboardMagic.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\KO Approach\Approach.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\antiRootkit.exe
D:\Program Files\Giganology\Gigaget\Gigaget.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mikewill\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.th4u.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitPump] "D:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CookieWall] D:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\mikewill\My Documents\Unzipped\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [TBC Pro] "D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe"
O4 - HKCU\..\Run: [tinySpell] D:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Magnifying Glass] "D:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
O4 - Startup: Clipboard Magic.lnk = D:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: KO Approach.lnk = D:\Program Files\KO Approach\Approach.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: CoodClip.lnk = D:\Program Files\DeeP125\CoodClip\CoodClip.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with BitPump - D:\Program Files\AnalogX\BitPump\ieint.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.th4u.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1490BC0F-C45F-459D-AB26-760E1C0D2FD1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by th4u, 20 March 2007 - 04:56 PM.

#29 random/random

MRU Expert

Malware Expert
481 posts

Posted 21 March 2007 - 01:13 PM

Can you provide a description of your remaining problems?

#30 th4u

Authentic Member

Authentic Member
29 posts

Posted 21 March 2007 - 03:29 PM

I was forced to reinstall the system again. My PC didn't boot. So I installed it on top of current installation.
The boot process is very very sloooow. It takes over five min. to boot the system. Some programs didn't start even they are in the start up folder. I got many errors just after the boot: "a program should be closed", or at times, "this program cannot be closed because it is locked by the system". A few times I get a black screen - the system reboots by itself...
When I open OE (after it was closed normally), I get "Message can't be displayed".

Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 4:24:58 AM, on 3/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\DeeP125\CoodClip\CoodClip.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\Program Files\WordWeb\wweb32.exe
D:\Program Files\Clipboard Magic\ClipboardMagic.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\KO Approach\Approach.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Giganology\Gigaget\Gigaget.exe
D:\Program Files\tinySpell\tinyspell.exe
C:\Documents and Settings\mikewill\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.th4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitPump] "D:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CookieWall] D:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\mikewill\My Documents\Unzipped\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [TBC Pro] "D:\Program Files\TitleBarClock Pro(new)\Tbcpro.exe"
O4 - HKCU\..\Run: [tinySpell] D:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Clipboard Magic.lnk = D:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: KO Approach.lnk = D:\Program Files\KO Approach\Approach.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: CoodClip.lnk = D:\Program Files\DeeP125\CoodClip\CoodClip.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with BitPump - D:\Program Files\AnalogX\BitPump\ieint.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.th4u.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1490BC0F-C45F-459D-AB26-760E1C0D2FD1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1490BC0F-C45F-459D-AB26-760E1C0D2FD1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Body Background

skin color theme