View Full Version : Smitfraud-C.Toolbar888...
yea.. i do aslo have this shit on my computor :( , Grateful for any help you guys can give me because i cant get this off my computor.
Changed Hijackthis name to "rolig"
Here is the Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 05:34:34, on 2007-05-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Winamp\winampa.exe
C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\Program\GameFace Messenger\GameFace.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset - (no file)
O23 - Service: Norman ZANDA - Eset - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hope I did this right!
Hello Luver and welcome to the Forums :)
You're infected.
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
:bigthumb:
VundoFix didnt find anything :S but i post the logs just in case. I did remove some threats with my Anti virus program but in the HijackThis log i see: ddaby fccyaaa, pmkhe . which i know is a virus
VundoFix log:
VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 17:24:42 2007-05-08
Listing files found while scanning....
No infected files were found.
Beginning removal...
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 17:36:51, on 2007-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset - (no file)
O23 - Service: Norman ZANDA - Eset - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ok good.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
:bigthumb:
thanks for the fast answer :)
Here is the ComboFix log:
"Ludde" - 2007-05-08 20:37:55 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Ludde\Skrivbord\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\drivers\npf.sys
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
-------\NPF
((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))
2007-05-08 17:08 <KAT> d-------- C:\DOCUME~1\Test\APPLIC~1\Talkback
2007-05-08 17:06 786,432 --ah----- C:\DOCUME~1\Test\NTUSER.DAT
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Mallar
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Lokala inst„llningar
2007-05-08 17:06 <KAT> d-------- C:\DOCUME~1\Test\Favoriter
2007-05-07 15:56 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Turbine
2007-05-06 17:17 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-06 17:06 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-06 15:19 512 --a------ C:\ScanSectorLog.dat
2007-05-06 14:56 2,766,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-06 14:56 17,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-06 05:56 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-06 05:55 <KAT> d-------- C:\WINDOWS\Internet Logs
2007-05-06 04:28 335 --a------ C:\WINDOWS\mozregistry.dat
2007-05-06 03:45 <KAT> d-------- C:\VundoFix Backups
2007-05-06 01:58 <KAT> d-------- C:\DOCUME~1\LOCALS~1\Start-meny
2007-05-04 01:16 <KAT> d-------- C:\NVIDIA
2007-05-04 01:09 <KAT> d-------- C:\Program\SystemRequirementsLab
2007-05-04 01:09 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\SystemRequirementsLab
2007-05-03 21:27 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Help
2007-05-03 21:19 <KAT> d-------- C:\Norman
2007-05-03 20:55 10,069 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-05-03 20:55 <KAT> d-------- C:\Program\Advanced Spyware Remover Pro
2007-05-03 19:38 <KAT> d-------- C:\Program\RegCure
2007-05-03 19:33 <KAT> d-------- C:\Program\ParetoLogic
2007-05-03 19:33 <KAT> d-------- C:\Program\Delade filer\ParetoLogic
2007-05-03 19:33 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-05-03 19:27 <KAT> d-------- C:\Program\XoftSpySE
2007-05-03 19:14 <KAT> d-------- C:\Program\SpywareBlaster
2007-05-03 19:10 <KAT> d-------- C:\Program\CA
2007-05-02 13:53 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-29 17:36 <KAT> d-------- C:\Program\DAEMON Tools
2007-04-26 23:02 <KAT> d-------- C:\Program\TibiaCam TV Lite
2007-04-25 23:30 <KAT> d-------- C:\Program\Steam
2007-04-24 22:53 <KAT> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-24 22:50 161,701 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe
2007-04-24 22:50 <KAT> d-------- C:\Program\PowerHEX
2007-04-24 22:50 <KAT> d-------- C:\Program\Delade filer\Thraex Software
2007-04-21 00:17 <KAT> d-------- C:\Program\PlayLogic
2007-04-19 21:51 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\AdobeUM
2007-04-18 19:22 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Wireshark
2007-04-18 19:13 <KAT> d-------- C:\Program\Wireshark
2007-04-18 01:07 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Publish Providers
2007-04-18 01:06 <KAT> d-------- C:\DOCUME~1\Ludde\APPLIC~1\Sony
2007-04-17 23:56 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-04-17 23:56 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-04-17 23:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-17 11:30 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-04-17 11:28 <KAT> d-------- C:\Program\Vstplugins
2007-04-17 11:28 <KAT> d-------- C:\Program\Sony
2007-04-17 11:26 <KAT> d-------- C:\Program\Sony Setup
2007-04-16 20:49 <KAT> d-------- C:\Program\TechSmith
2007-04-16 20:49 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-04-16 20:44 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-08 15:17:05 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\dvdcss
2007-05-07 10:23:39 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Hamachi
2007-05-06 14:38:55 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\uTorrent
2007-05-03 19:19:20 -------- d--h--w C:\Program\InstallShield Installation Information
2007-05-01 23:25:17 -------- d-----w C:\Program\BlackD
2007-04-28 13:07:53 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-16 20:52:04 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-16 18:39:18 -------- d-----w C:\Program\DC++
2007-03-31 13:00:37 -------- d--h--r C:\DOCUME~1\Ludde\APPLIC~1\SecuROM
2007-03-31 13:00:36 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-29 18:02:49 -------- d-----w C:\Program\TibiaOT7.6
2007-03-29 11:25:53 407,168 ----a-w C:\WINDOWS\system32\pr2ahqjb.exe
2007-03-27 14:55:27 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-26 17:56:28 62,728 ----a-w C:\WINDOWS\system32\perfc01D.dat
2007-03-26 17:56:28 383,448 ----a-w C:\WINDOWS\system32\perfh01D.dat
2007-03-23 15:24:02 67,762 ----a-w C:\WINDOWS\War3Unin.dat
2007-03-23 15:16:34 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-03-23 15:16:34 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-03-17 13:47:35 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 11:43:01 -------- d-----w C:\Program\PeerGuardian2
2007-03-14 12:09:29 -------- d-----w C:\Program\DVD Decrypter
2007-03-14 08:08:20 -------- d-----w C:\DOCUME~1\Ludde\APPLIC~1\Ahead
2007-03-12 20:28:57 1,265 ----a-w C:\WINDOWS\mozver.dat
2007-03-12 07:41:16 -------- d-----w C:\Program\AGEIA Technologies
2007-03-11 23:16:39 -------- d-----w C:\Program\ASUS WiFi-AP Solo
2007-03-08 15:51:48 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:51:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:51:48 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:49:53 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-03 09:03:09 82,774 ----a-w C:\WINDOWS\Uninstall Jade Empire.exe
2007-03-02 22:26:35 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-03-02 21:57:27 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-02 21:06:28 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-02 20:49:27 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-02 20:23:54 0 --sha-r C:\MSDOS.SYS
2007-03-02 20:23:54 0 --sha-r C:\IO.SYS
2007-03-02 20:23:54 0 ----a-w C:\CONFIG.SYS
2007-03-02 20:23:54 0 ----a-w C:\AUTOEXEC.BAT
2007-03-02 20:20:32 21,700 ----a-w C:\WINDOWS\system32\emptyregdb.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"="C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program\Java\jre1.5.0_11\bin\ssv.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CloneCDTray"="\"C:\\Program\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"SoundMAXPnP"="C:\\Program\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Ai Nap"="\"C:\\Program Files\\ASUS\\Ai Nap\\AiNap.exe\""
"Launch Ai Booster"="\"C:\\Program\\ASUS\\Ai Booster\\OverClk.exe\""
"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"
"GameFace Messenger"="C:\\Program\\GameFace Messenger\\GameFace.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"AWMON"="\"C:\\Program\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"isDeleteMe"="\"C:\\WINDOWS\\system32\\cmd.exe\" /c \"C:\\DOCUME~1\\Ludde\\LOKALA~1\\Temp\\isDel.bat\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="C:\Program\ParetoLogic\Anti-Spyware\PASShlExt.dll"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaaa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GameFace Messenger"="C:\\Program\\GameFace Messenger\\GameFace.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Pareto UNS.job
C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
C:\WINDOWS\tasks\ParetoLogic Update.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 20:44:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-08 20:45:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-08 20:45
Hello :)
We'll scan a few files and then continue....
Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\pr2ahqjb.exe
Click on Send
Wait for the scan to end.
Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\mspriv32.dll
Click on Send
Wait for the scan to end.
Copy & Paste the scan results to here.
:bigthumb:
First one:
Complete scanning result of "pr2ahqjb.exe", received in VirusTotal at 05.09.2007, 23:24:56 (CET).
AhnLab-V3 2007.5.10.0 05.09.2007 no virus found
AntiVir 7.4.0.15 05.09.2007 no virus found
Authentium 4.93.8 05.08.2007 no virus found
Avast 4.7.997.0 05.09.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.09.2007 no virus found
CAT-QuickHeal 9.00 05.09.2007 no virus found
ClamAV devel-20070416 05.09.2007 no virus found
DrWeb 4.33 05.09.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3621 05.09.2007 no virus found
Ewido 4.0 05.09.2007 no virus found
FileAdvisor 1 05.09.2007 no virus found
Fortinet 2.85.0.0 05.09.2007 no virus found
F-Prot 4.3.2.48 05.09.2007 no virus found
F-Secure 6.70.13030.0 05.09.2007 no virus found
Ikarus T3.1.1.7 05.09.2007 no virus found
Kaspersky 4.0.2.24 05.09.2007 no virus found
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.09.2007 no virus found
NOD32v2 2255 05.09.2007 no virus found
Norman 5.80.02 05.09.2007 no virus found
Panda 9.0.0.4 05.09.2007 no virus found
Prevx1 V2 05.09.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 no virus found
TheHacker 6.1.6.110 05.08.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.09.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 Win32.Vulnerable.gen!High (suspicious)
Second one:
Complete scanning result of "mspriv32.dll", received in VirusTotal at 05.09.2007, 23:33:02 (CET).
AhnLab-V3 2007.5.10.0 05.09.2007 no virus found
AntiVir 7.4.0.15 05.09.2007 no virus found
Authentium 4.93.8 05.08.2007 no virus found
Avast 4.7.997.0 05.09.2007 no virus found
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.09.2007 no virus found
CAT-QuickHeal 9.00 05.09.2007 no virus found
ClamAV devel-20070416 05.09.2007 no virus found
DrWeb 4.33 05.09.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3621 05.09.2007 no virus found
Ewido 4.0 05.09.2007 no virus found
FileAdvisor 1 05.09.2007 no virus found
Fortinet 2.85.0.0 05.09.2007 no virus found
F-Prot 4.3.2.48 05.09.2007 no virus found
F-Secure 6.70.13030.0 05.09.2007 no virus found
Ikarus T3.1.1.7 05.09.2007 no virus found
Kaspersky 4.0.2.24 05.09.2007 no virus found
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.09.2007 no virus found
NOD32v2 2255 05.09.2007 no virus found
Norman 5.80.02 05.09.2007 no virus found
Panda 9.0.0.4 05.09.2007 no virus found
Prevx1 V2 05.09.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 no virus found
TheHacker 6.1.6.110 05.08.2007 no virus found
VBA32 3.12.0 05.09.2007 no virus found
VirusBuster 4.3.7:9 05.09.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 no virus found
Hello :)
We'll continue...
You seem to have some Norman leftovers running. Yuo have uninstalled the program, right? Please run this uninstall tool -> link (http://www.norman.com/Support/Knowledge_bases/Norman_Virus_Control/Windows/installation/11640/)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
==================
At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...
Disable Ad-Aware Ad-Watch realtime protection
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes.
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {1CA89674-36CF-40A4-99D6-3D764068E8DA} - (no file)
O2 - BHO: (no name) - {4C9DC3B8-3474-40E9-948A-AB94094C92EF} - (no file)
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Ludde\LOKALA~1\Temp\isDel.bat"
O20 - Winlogon Notify: ddaby - C:\WINDOWS\
O20 - Winlogon Notify: fccyaaa - C:\WINDOWS\
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
Done. But I understood wrong with how to deal with the threats and they got deleted. I hope it doesnt ruin anything.
AVG Scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 01:14:34 2007-05-11
+ Scan result:
:mozilla.229:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.323:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.435:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.440:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.470:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.471:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.247:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.248:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.249:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.708:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.709:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.254:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.255:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.287:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.691:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.672:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.673:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.674:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.334:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.741:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.370:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.371:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.743:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.372:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.407:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.408:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.712:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.713:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.714:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.715:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.692:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.7:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.9:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.716:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.717:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.465:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.58:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.498:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.499:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.500:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.501:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.502:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.503:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.504:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.646:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.273:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.549:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.550:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.551:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.552:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.553:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.693:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.694:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.719:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.572:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.573:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.574:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.581:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.582:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.612:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.613:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.695:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.630:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.53:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Profiles\uzltzsvy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Downloads\zoomed.vegas6.incl.keygen.2006\KEYGEN\SONYkeygen.exe -> Trojan.Pakes.edg : Cleaned.
C:\Downloads\zoomed.vegas6.incl.keygen.2006\zoomed.vegas6.incl.keygen.2006.part01.rar/KEYGEN\SONYkeygen.exe -> Trojan.Pakes.edg : Cleaned.
::Report end
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:59:09, on 2007-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norman NJeeves - Eset - (no file)
O23 - Service: Norman ZANDA - Eset - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hello :)
That is ok...Did you run the Norman uninstaller?
Please run a GMER Rootkit scan:
Download GMER's application from here:
http://www.gmer.net/gmer.zip
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.
About the Norman stuff, i did download the uninstaller and it did say norman got uninstalled. Why its there is because i tried it and it sucked. and when i was going to remove it it didnt want too so i started to delete the folders in anger :)
Anyway heres the GMER log:
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-11 21:50:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
INT 0x20 srescan.sys F70B09D0
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 80503B28 12 Bytes [ F0, C1, 41, BA, 80, 24, 42, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys Det går inte att komma åt filen eftersom den
används av en annan process.
? srescan.sys Det går inte att hitta filen.
.text USBPORT.SYS!DllUnload F6BF27AE 5 Bytes JMP 86179780
? System32\Drivers\aqdqkkpe.SYS Det går inte att hitta filen.
? C:\WINDOWS\system32\DRIVERS\update.sys
.text ntkrnlpa.exe!ZwYieldExecution + 31F4 80503B28 12 Bytes [ F0, C1, 41, BA, 80, 24, 42, ... ]
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1896] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ]
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollInfo 7E369046 7 Bytes JMP 01C8B7C6 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollInfo 7E3717D8 7 Bytes JMP 01C8B74E C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!ShowScrollBar 7E37F2E7 5 Bytes JMP 01C8B84A C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollPos 7E37F6F4 5 Bytes JMP 01C8B776 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollPos 7E37F740 5 Bytes JMP 01C8B7F1 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!GetScrollRange 7E37F777 5 Bytes JMP 01C8B79B C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!SetScrollRange 7E37F98B 5 Bytes JMP 01C8B81C C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\Winamp\winamp.exe[1944] USER32.dll!EnableScrollBar 7E3B7F55 7 Bytes JMP 01C8B726 C:\Program\Winamp\Plugins\gen_jumpex.dll
.text C:\Program\MSN Messenger\msnmsgr.exe[2828] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004DE392 C:\Program\MSN Messenger\MsnMsgr.Exe
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865A01E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865A01E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6D2C1656-0195-4194-8CB3-D2341B04099E} IRP_MJ_PNP 8510A1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8613C1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865311E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865311E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 861321E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 861321E8
Contiune at next post~
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 861321E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE_NAMED_PIPE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CLOSE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_READ [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_WRITE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_EA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_EA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_FLUSH_BUFFERS [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_VOLUME_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_VOLUME_INFORMATION [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DIRECTORY_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_FILE_SYSTEM_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DEVICE_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SHUTDOWN [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_LOCK_CONTROL [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CLEANUP [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_CREATE_MAILSLOT [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_SECURITY [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_SECURITY [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_POWER [F72AE712] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SYSTEM_CONTROL [F72D12C8] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_DEVICE_CHANGE [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_QUERY_QUOTA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_SET_QUOTA [F72D4AD2] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000056 IRP_MJ_PNP [F72D2238] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865A31E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 861261E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 861261E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 865A21E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 865A21E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\00000080 IRP_MJ_PNP 865301E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B526FD6D-CE46-41FD-9C5F-71ECCFBC25D7} IRP_MJ_PNP 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8510A1E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CREATE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CLOSE 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_INTERNAL_DEVICE_CONTROL 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_CLEANUP 8510A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C894C25-15B7-4336-86D9-7B3958BF0453} IRP_MJ_PNP 8510A1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8613C1E8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8613C1E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 861321E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 861321E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 865301E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 850FE1E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [BA42D8A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [BA42D8A0] vsdatant.sys
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 865301E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 850FE1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 850FE1E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 865301E8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 865301E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865A31E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865A31E8
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_CREATE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_CLOSE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_POWER 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_SYSTEM_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1 IRP_MJ_PNP 861157A0
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_CREATE 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_CLOSE 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_DEVICE_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_INTERNAL_DEVICE_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_POWER 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_SYSTEM_CONTROL 865A11E8
Device \Driver\si3132 \Device\Scsi\si31321 IRP_MJ_PNP 865A11E8
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_CREATE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_CLOSE 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_POWER 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 861157A0
Device \Driver\aqdqkkpe \Device\Scsi\aqdqkkpe1Port6Path0Target0Lun0 IRP_MJ_PNP 861157A0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 850FA1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 850FA1E8
---- EOF - GMER 1.0.12 ----
Hello and sorry for the delay :)
We'll do some research....
Generate a HijackThis Startup list:
Open HijackThis: Click on "Open the Misc Tools Section"
Check the following boxes to the right of "Generate StartupList Log": List also minor sections (Full)
List empty sections (Complete)
Click "Generate StartupListLog"
Click "Yes" at the prompt.
A Notepad window will open with the contents of the HijackThis Startup list displayed
Copy & Paste that log to here
:bigthumb:
No problem man , your helping me to get rid of these bastards :).
Btw at the Steamapps i changed my account to ******@yahoo.com, dont want it published etc.
and i always thought "nwiz = nwiz.exe /install" was something suspicious , i dont know what it is.
anyway heres the log:
StartupList report, 2007-05-13, 23:32:28
StartupList version: 1.52.2
Started from : C:\Program Files\rolig\rolig.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program\Steam\Steam.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
c:\program\steam\steamapps\********@yahoo.com\counter-strike\hl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ASUS WiFi-AP Solo.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CloneCDTray = "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
WinampAgent = C:\Program\Winamp\winampa.exe
Adobe Photo Downloader = "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe
SoundMAX = "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
Ai Nap = "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
Launch Ai Booster = "C:\Program\ASUS\Ai Booster\OverClk.exe"
nod32kui = "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
GameFace Messenger = C:\Program\GameFace Messenger\GameFace.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
ASUS SmartDoctor = C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
AWMON = "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Pareto UNS.job
ParetoLogic Anti-Spyware.job
ParetoLogic Update.job
RegCure Program Check.job
RegCure.job
XoftSpySE 2.job
XoftSpySE.job
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 5 477 bytes
Report generated in 0,016 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Hello :)
You didn't checkmark these 2 options before creating the log:
* List also minor sections (Full)
* List empty sections (Complete)
Please try again
hmm, im pretty sure i did check those 2 options,
another try hope this is right :).
The log:
StartupList report, 2007-05-14, 16:51:10
StartupList version: 1.52.2
Started from : C:\Program Files\rolig\rolig.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program\ASUS\Ai Booster\OverClk.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Winamp\winamp.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\rolig\rolig.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ASUS WiFi-AP Solo.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CloneCDTray = "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
WinampAgent = C:\Program\Winamp\winampa.exe
Adobe Photo Downloader = "C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"
SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe
SoundMAX = "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
Ai Nap = "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
Launch Ai Booster = "C:\Program\ASUS\Ai Booster\OverClk.exe"
nod32kui = "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
GameFace Messenger = C:\Program\GameFace Messenger\GameFace.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
ASUS SmartDoctor = C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
AWMON = "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Pareto UNS.job
ParetoLogic Anti-Spyware.job
ParetoLogic Update.job
RegCure Program Check.job
RegCure.job
XoftSpySE 2.job
XoftSpySE.job
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 5 507 bytes
Report generated in 0,015 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Hmm we need another tool then....
Make a new folder in the C:\drive called silentrunners
Download 'silent runners" from here: (direct download)
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to your silentrunners folder.
Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter
Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything
o yeah, a lot of text
The Silentrunners log:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ASUS SmartDoctor" = "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start" ["ASUSTeK Inc."]
"AWMON" = ""C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"CloneCDTray" = ""C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"WinampAgent" = "C:\Program\Winamp\winampa.exe" [null data]
"Adobe Photo Downloader" = ""C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SoundMAXPnP" = "C:\Program\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"Ai Nap" = ""C:\Program Files\ASUS\Ai Nap\AiNap.exe"" [null data]
"Launch Ai Booster" = ""C:\Program\ASUS\Ai Booster\OverClk.exe"" [null data]
"nod32kui" = ""C:\Program\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"GameFace Messenger" = "C:\Program\GameFace Messenger\GameFace.exe" ["AceGain Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SnagIt Toolbar Loader"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Egenskapsförteckning för multimediefiler"
-> {HKLM...CLSID} = "Egenskapsförteckning för multimediefiler"
\InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Hantering av ICM-skanner"
-> {HKLM...CLSID} = "Hantering av ICM-skanner"
\InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS-säkerhetssida"
-> {HKLM...CLSID} = "Shell-tillägg för säkerhet"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Egenskapssida för OLE-dokumentfiler"
-> {HKLM...CLSID} = "Egenskapssida för OLE-dokumentfiler"
\InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Shell-tillägg för delning"
-> {HKLM...CLSID} = "Shell-tillägg för delning"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmskort"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärmskort"
\InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärm"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärm"
\InProcServer32\(Default) = "deskmon.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmspanorering"
-> {HKLM...CLSID} = "Kontrollpanelstillägg för bildskärmspanorering"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS-säkerhetssida"
-> {HKLM...CLSID} = "Shell-tillägg för säkerhet"
\InProcServer32\(Default) = "dssec.dll" [MS]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Kompatibilitetssida"
-> {HKLM...CLSID} = "Kompatibilitetssida"
\InProcServer32\(Default) = "SlayerXP.dll" [MS]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell Scrap DataHandler"
-> {HKLM...CLSID} = "Shell Scrap DataHandler"
\InProcServer32\(Default) = "shscrap.dll" [MS]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Diskkopiering - tillägg"
-> {HKLM...CLSID} = "Diskkopiering - tillägg"
\InProcServer32\(Default) = "diskcopy.dll" [MS]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Shell-tillägg för Microsoft Windows Network-objekt"
-> {HKLM...CLSID} = "Shell-tillägg för Microsoft Windows Network-objekt"
\InProcServer32\(Default) = "ntlanui2.dll" [MS]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Hantering av ICM-bildskärm"
-> {HKLM...CLSID} = "Hantering av ICM-bildskärm"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Hantering av ICM-skrivare"
-> {HKLM...CLSID} = "Hantering av ICM-skrivare"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Shell-tillägg för webbutskrift"
-> {HKLM...CLSID} = "Shell-tillägg för webbutskrift"
\InProcServer32\(Default) = "printui.dll" [MS]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" [MS]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Portfölj"
-> {HKLM...CLSID} = "Portfölj"
\InProcServer32\(Default) = "syncui.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikontillägg"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC-profil"
-> {HKLM...CLSID} = "ICC-profil"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Skrivarsäkerhetssida"
-> {HKLM...CLSID} = "Shell-tillägg för säkerhet"
\InProcServer32\(Default) = "rshx32.dll" [MS]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Shell-tillägg för delning"
-> {HKLM...CLSID} = "Shell-tillägg för delning"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO-tillägg"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Tillägg för kryptografisk signering"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Nätverksanslutningar"
-> {HKLM...CLSID} = "Nätverksanslutningar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Nätverksanslutningar"
-> {HKLM...CLSID} = "Nätverksanslutningar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Skannrar och kameror"
-> {HKLM...CLSID} = "Skannrar och kameror"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Skannrar och kameror"
-> {HKLM...CLSID} = "Skannrar och kameror"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "Skannrar och kameror"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Skannrar och kameror"
-> {HKLM...CLSID} = "Skannrar och kameror"
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Skannrar och kameror"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" [MS]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" [MS]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
-> {HKLM...CLSID} = "ExtractIcon Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Shell-tillägg för Windows Script Host"
-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wshext.dll" [MS]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft-datalänk"
-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
\InProcServer32\(Default) = "C:\Program\Delade filer\System\Ole DB\oledb32.dll" [MS]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Schemalagda aktiviteter"
-> {HKLM...CLSID} = "Schemalagda aktiviteter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Sök"
-> {HKLM...CLSID} = "Sök"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Hjälp och support"
-> {HKLM...CLSID} = "Hjälp och support"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Hjälp och support"
-> {HKLM...CLSID} = "Windows-säkerhet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Kör..."
-> {HKLM...CLSID} = "Kör..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "E-post"
-> {HKLM...CLSID} = "E-post"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Administrationsverktyg"
-> {HKLM...CLSID} = "Administrationsverktyg"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Egenskapssida för tidigare versioner"
-> {HKLM...CLSID} = "Egenskapssida för tidigare versioner"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Tidigare versioner"
-> {HKLM...CLSID} = "Tidigare versioner"
\InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = "Avi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet Toolbar"
-> {HKLM...CLSID} = "Microsoft Internet Toolbar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Download Status"
-> {HKLM...CLSID} = "Download Status"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
-> {HKLM...CLSID} = "Augmented Shell Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
-> {HKLM...CLSID} = "Augmented Shell Folder 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
-> {HKLM...CLSID} = "In-pane search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"
-> {HKLM...CLSID} = "Registry Tree Options Utility"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adress"
-> {HKLM...CLSID} = "&Adress"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Address EditBox"
-> {HKLM...CLSID} = "Address EditBox"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Shell Microsoft AutoComplete"
-> {HKLM...CLSID} = "Shell Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List"
-> {HKLM...CLSID} = "MRU AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
-> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
-> {HKLM...CLSID} = "Accessible"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
-> {HKLM...CLSID} = "Track Popup Bar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List"
-> {HKLM...CLSID} = "Microsoft History AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Microsoft Shell Folder AutoComplete List"
-> {HKLM...CLSID} = "Microsoft Shell Folder AutoComplete List"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container"
-> {HKLM...CLSID} = "Microsoft Multiple AutoComplete List Container"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu"
-> {HKLM...CLSID} = "Shell Band Site Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
-> {HKLM...CLSID} = "Shell DeskBarApp"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar"
-> {HKLM...CLSID} = "Shell DeskBar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
-> {HKLM...CLSID} = "Shell Rebar BandSite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist"
-> {HKLM...CLSID} = "User Assist"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Globala mappinställningar"
-> {HKLM...CLSID} = "Globala mappinställningar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "IE Search Band"
-> {HKLM...CLSID} = "IE Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search"
-> {HKLM...CLSID} = "Web Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
-> {HKLM...CLSID} = "TridentImageExtractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
-> {HKLM...CLSID} = "Shell Automation Inproc Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
-> {HKLM...CLSID} = "Microsoft Browser Architecture"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
-> {HKLM...CLSID} = "ISFBand OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
-> {HKLM...CLSID} = "Search Assistant OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
-> {HKLM...CLSID} = "Shell DocObject Viewer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
-> {HKLM...CLSID} = "Internet-genväg"
\InProcServer32\(Default) = "shdocvw.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft-tjänst för tidigare adresser (URL)"
-> {HKLM...CLSID} = "Microsoft-tjänst för tidigare adresser (URL)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Tidigare"
-> {HKLM...CLSID} = "Tidigare"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Tillfälliga Internet-filer"
-> {HKLM...CLSID} = "Tillfälliga Internet-filer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Tillfälliga Internet-filer"
-> {HKLM...CLSID} = "Tillfälliga Internet-filer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "Välkomstskärm för Internet Explorer 4.0 Suite"
-> {HKLM...CLSID} = "Välkomstskärm för Internet Explorer 4.0 Suite"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
-> {HKLM...CLSID} = "CDF Extension Copy Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"
-> {HKLM...CLSID} = "Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
-> {HKLM...CLSID} = "Explorer Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "Mappen ActiveX Cache"
-> {HKLM...CLSID} = "Mappen ActiveX Cache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
-> {HKLM...CLSID} = "Subscription Mgr"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Mappen Subscriptions"
-> {HKLM...CLSID} = "Mappen Subscriptions"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
-> {HKLM...CLSID} = "WebCheckWebCrawler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
-> {HKLM...CLSID} = "WebCheckChannelAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
-> {HKLM...CLSID} = "TrayAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
-> {HKLM...CLSID} = "Code Download Agent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
-> {HKLM...CLSID} = "ConnectionAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
-> {HKLM...CLSID} = "PostAgent"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
-> {HKLM...CLSID} = "WebCheck SyncMgr Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Programhanteraren"
-> {HKLM...CLSID} = "Programhanteraren"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Uppräknare för installerade program"
-> {HKLM...CLSID} = "Uppräknare för installerade program"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
-> {HKLM...CLSID} = "Darwin App Publisher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS]
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
-> {HKLM...CLSID} = "Shell Image Verbs"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
-> {HKLM...CLSID} = "Shell Image Data Factory"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "Extraherare för GDI+-filminiatyrer"
-> {HKLM...CLSID} = "Extraherare för GDI+-filminiatyrer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Information om miniatyrer (DOC-filer)"
-> {HKLM...CLSID} = "Information om miniatyrer (DOC-filer)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "Extraherare för HTML-miniatyrer"
-> {HKLM...CLSID} = "Extraherare för HTML-miniatyrer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
-> {HKLM...CLSID} = "Shell Image Property Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS]
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Webbpubliceringsguiden"
-> {HKLM...CLSID} = "Webbpubliceringsguiden"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Guiden Beställ foton via Internet"
-> {HKLM...CLSID} = "Guiden Beställ foton via Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Objekt för webbpubliceringsguiden"
-> {HKLM...CLSID} = "Objekt för webbpubliceringsguiden"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Guiden Skaffa Passport"
-> {HKLM...CLSID} = "Guiden Skaffa Passport"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Komprimerad mapp"
-> {HKLM...CLSID} = "CompressedFolder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
-> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
-> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS]
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Kanalfil"
-> {HKLM...CLSID} = "Channel"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Kanalgenväg"
-> {HKLM...CLSID} = "Kanalgenväg"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"
-> {HKLM...CLSID} = "Channel Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
-> {HKLM...CLSID} = "Channel Menu Handler Object"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
-> {HKLM...CLSID} = "Channel Shortcut Property Pages"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cdfview.dll" [MS]
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder"
-> {HKLM...CLSID} = "Extensions Manager Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\extmgr.dll" [MS]
"{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
-> {HKLM...CLSID} = "Microsoft FTP Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\msieftp.dll" [MS]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
-> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
-> {HKLM...CLSID} = "MyDocs Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
-> {HKLM...CLSID} = "MyDocs menu and properties"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
-> {HKLM...CLSID} = "Offline Files Folder Options"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Offlinefiler"
-> {HKLM...CLSID} = "Offlinefiler"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
-> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler"
\InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
-> {HKLM...CLSID} = "DfsShell Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfsshlex.dll" [MS]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
-> {HKLM...CLSID} = "DropTarget-objekt för guiden Skriv ut foto"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
-> {HKLM...CLSID} = "CAB-fil"
\InProcServer32\(Default) = "cabview.dll" [MS]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "Efter &personer..."
-> {HKLM...CLSID} = "Efter &personer..."
\InProcServer32\(Default) = "C:\Program\Outlook Express\wabfind.dll" [MS]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Add To Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
"{1D2680C9-0E2A-469d-B787-065558BC7D43}" = "Fusion Cache"
-> {HKLM...CLSID} = "Fusion Cache"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mina delade mappar"
\InProcServer32\(Default) = "C:\Program\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program\Eset\nodshex.dll" [null data]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
"{FD6B9950-05A4-498F-AB7B-37B88922E82B}" = "PHShellEx Shell Extension"
-> {HKLM...CLSID} = "PHShellEx ContextMenu Shell Extension"
\InProcServer32\(Default) = "C:\Program\PowerHEX\PHShellEx.dll" [empty string]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}" = "ParetoLogic Anti-Spyware"
-> {HKLM...CLSID} = "PASShlExt Class"
\InProcServer32\(Default) = "C:\Program\ParetoLogic\Anti-Spyware\PASShlExt.dll" ["ParetoLogic Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
-> {HKLM...CLSID} = "Browseui preloader"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
-> {HKLM...CLSID} = "Component Categories cache daemon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)
-> {HKLM...CLSID} = "URL Exec Hook"
\InProcServer32\(Default) = "shell32.dll" [MS]
<<!>> "{51C55F9E-C308-4c95-89AB-8858D8AFD819}" = "ParetoLogic Anti-Spyware"
-> {HKLM...CLSID} = "PASShlExt Class"
\InProcServer32\(Default) = "C:\Program\ParetoLogic\Anti-Spyware\PASShlExt.dll" ["ParetoLogic Inc."]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
-> {HKLM...CLSID} = "Objektet PostBootReminder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
-> {HKLM...CLSID} = "Mapp för CD-bränning"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> {HKLM...CLSID} = "SysTray"
\InProcServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" [MS]
HKCU\Software\Microsoft\Command Processor\
"AutoRun" = (value not found)
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Shell" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (value not found)
"run" = (value not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"Shell" = (value not found)
HKLM\Software\Microsoft\Command Processor\
"AutoRun" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (empty string)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"GinaDLL" = (value not found)
"Shell" = "Explorer.exe" [MS]
"Taskman" = (value not found)
"Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
"System" = (empty string)
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\
"UseAlternateShell" = (value not found)
HKLM\System\CurrentControlSet\Control\SecurityProviders\
"SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *"
HKLM\System\CurrentControlSet\Control\WOW\
"cmdline" = "C:\WINDOWS\system32\ntvdm.exe" [MS]
"wowcmdline" = "C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\
HKLM\Software\Classes\PROTOCOLS\Filter\
application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
-> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
-> {HKLM...CLSID} = "AP Class Install Handler filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
-> {HKLM...CLSID} = "WebView MIME Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program\Eset\nodshex.dll" [null data]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
-> {HKLM...CLSID} = "Open With Context Menu Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Snabbmeny för kryptering"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
PHShellEx\(Default) = "{FD6B9950-05A4-498F-AB7B-37B88922E82B}"
-> {HKLM...CLSID} = "PHShellEx ContextMenu Shell Extension"
\InProcServer32\(Default) = "C:\Program\PowerHEX\PHShellEx.dll" [empty string]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Snabbmeny för kryptering"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS]
Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
-> {HKLM...CLSID} = "Shell-tillägg för delning"
\InProcServer32\(Default) = "ntshrui.dll" [MS]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"
-> {HKLM...CLSID} = "Microsoft SendTo Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
Default executables:
--------------------
HKLM\Software\Classes\.bat\(Default) = "batfile"
HKLM\Software\Classes\batfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.cmd\(Default) = "cmdfile"
HKLM\Software\Classes\cmdfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.com\(Default) = "comfile"
HKLM\Software\Classes\comfile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.exe\(Default) = "exefile"
HKLM\Software\Classes\exefile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.hta\(Default) = "htafile"
HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*"
HKLM\Software\Classes\.pif\(Default) = "piffile"
HKLM\Software\Classes\piffile\shell\open\command\(Default) = ""%1" %*"
HKLM\Software\Classes\.scr\(Default) = "scrfile"
HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091
{User Configuration|Administrative Templates|Windows Components|AutoPlay Policies|
Turn off Autoplay}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKCU\Software\Policies\Microsoft\Internet Explorer\Download\
HKLM\Software\Policies\Microsoft\Internet Explorer\Download\
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKCU\Software\Policies\Microsoft\Windows\Network Connections\
HKCU\Software\Policies\Microsoft\Windows\System\
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"dontdisplaylastusername" = (REG_DWORD) hex:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Do not display last user name}
"legalnoticetext" = (REG_SZ) (empty string)
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Message text for users attempting to log on}
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\HmmXP.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ludde\Application Data\Mozilla\Firefox\Firefox-bakgrund.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = (value not set)
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\Default User\Lokala inställningar\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Lokala inställningar\Tidigare\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Default User\Lokala inställningar\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\078XGHI1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\PERVBLGT\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\U48RAZF7\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\ZCY56SQX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\0VW9ANUD\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\2G5VK9XU\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\K3GH0D8L\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\OP5U15IG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\Content.IE5\436Z6TUN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\Content.IE5\4JYT456T\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\Content.IE5\97YX21MP\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Temporary Internet Files\Content.IE5\UXST2NIH\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Tidigare\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\Ludde\Lokala inställningar\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\2H0NORWH\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\4RWQRBWH\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\8A9YUQOE\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\KNY91QVP\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\assembly\DESKTOP.INI
[.ShellClassInfo]
CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS]
C:\WINDOWS\Downloaded Program Files\DESKTOP.INI
[.ShellClassInfo]
CLSID={88C6C381-2E85-11d0-94DE-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS]
C:\WINDOWS\Fonts\DESKTOP.INI
[.ShellClassInfo]
UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
-> {HKLM...CLSID}\InProcServer32\(Default) = "fontext.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\278N638D\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\GV6ZG3OF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\K3E3QN8D\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\YB6HWR8V\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
C:\WINDOWS\Tasks\DESKTOP.INI
[.ShellClassInfo]
CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS]
Startup items in "Ludde" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Ludde\Start-meny\Program\Autostart
C:\Documents and Settings\All Users\Start-meny\Program\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"ASUS WiFi-AP Solo" -> shortcut to: "C:\Program\ASUS WiFi-AP Solo\RtWLan.exe /H" ["ASUSTek Computer Inc."]
Enabled Scheduled Tasks:
------------------------
"Pareto UNS" -> launches: "C:\Program\Delade filer\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe" [file not found]
"ParetoLogic Anti-Spyware" -> launches: "C:\Program\ParetoLogic\Anti-Spyware\Pareto_AS.exe -quickscan -hidesplash" ["ParetoLogic Inc."]
"ParetoLogic Update" -> launches: "C:\Program\Delade filer\ParetoLogic\UUS\Pareto_Update.exe" [null data]
"RegCure Program Check" -> launches: "C:\Program\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program\RegCure\RegCure.exe -t" [null data]
"XoftSpySE 2" -> launches: "C:\Program\XoftSpySE\XoftSpy.exe ShowReminders" ["ParetoLogic"]
"XoftSpySE" -> launches: "C:\Program\XoftSpySE\XoftSpy.exe -t" ["ParetoLogic"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
----------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
-> {HKLM...CLSID} = "&Adress"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"
-> {HKLM...CLSID} = "&Adress"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
-> {HKLM...CLSID} = "&Länkar"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11D0-B416-00C04FB90376}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Dagens tips"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Classes\CLSID\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = "Shell Search Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = "IE Search Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\(Default) = "File Search Explorer Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Classes\CLSID\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\(Default) = "Favorites Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Classes\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\(Default) = "History Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Classes\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\(Default) = "Explorer Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java-konsol"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]
Internet Explorer Address Prefixes:
-----------------------------------
Prefix for bare domain ("domain-name-here.com")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
(Default) = "http://"
Prefix for specific service (i.e., "www")
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\
"ftp" = "ftp://"
"gopher" = "gopher://"
"home" = "http://"
"mosaic" = "http://"
"www" = "http://"
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" -- no anomalies found)
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = (no title provided)
-> {HKLM...CLSID} = "Microsoft Url Search Hook"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
"DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
"NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]
"OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]
"Home" = hex:0x0000010E
"blank" = "res://mshtml.dll/blank.htm" [MS]
"PostNotCached" = "res://mshtml.dll/repost.htm" [MS]
HOSTS file
----------
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
"DataBasePath" = "C:\WINDOWS\System32\drivers\etc"
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
and this is the localhost IP address
All Running Services (Display Name, Service Name, Path {Service DLL}):
----------------------------------------------------------------------
Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data]
Application Layer Gateway Service, ALG, "C:\WINDOWS\System32\alg.exe" [MS]
ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
Automatic Updates, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [MS]}
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
COM+ Event System, EventSystem, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\es.dll" [MS]}
Computer Browser, Browser, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
Cryptographic Services, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
DCOM Server Process Launcher, DcomLaunch, "C:\WINDOWS\system32\svchost -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [MS]}
DHCP Client, Dhcp, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
Distributed Link Tracking Client, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
DNS Client, Dnscache, "C:\WINDOWS\system32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
Error Reporting Service, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]}
Event Log, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
Fast User Switching Compatibility, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
Help and Support, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
HID Input Service, HidServ, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\hidserv.dll" [MS]}
IPSEC Services, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [MS]
Logical Disk Manager, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [MS]}
Läsartjänsten USN Journal för mappdelning i Messenger, usnjsvc, ""C:\Program\MSN Messenger\usnsvc.exe"" [MS]
Network Connections, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
Network Location Awareness (NLA), Nla, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
NOD32 Kernel Service, NOD32krn, ""C:\Program\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
Print Spooler, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
Protected Storage, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
Remote Procedure Call (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\System32\rpcss.dll" [MS]}
Remote Registry, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]}
Secondary Logon Service, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
Security Accounts Manager, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
Security Center, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [MS]}
Server, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
Shell Hardware Detection, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
SSDP Discovery Service, SSDPSRV, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
System Event Notification, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]}
System Restore Service, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [MS]}
Task Scheduler, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
TCP/IP NetBIOS Helper, LmHosts, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
Terminal Services, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" [MS]}
Themes, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
WebClient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]}
WIA (Windows Image Acquisition), stisvc, "C:\WINDOWS\system32\svchost.exe -k imgsvc" {"C:\WINDOWS\system32\wiaservc.dll" [MS]}
Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]}
Windows Firewall/Internet Connection Sharing (ICS), SharedAccess, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]}
Windows Management Instrumentation, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}
Windows Time, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\w32time.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Wireless Zero Configuration, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
Workstation, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = "kbdclass" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor\Driver = "cnbjmon.dll" [MS]
Local Port\Driver = "localspl.dll" [MS]
PJL Language Monitor\Driver = "pjlmon.dll" [MS]
Standard TCP/IP Port\Driver = "tcpmon.dll" [MS]
USB Monitor\Driver = "usbmon.dll" [MS]
-- (total run time: 80 seconds)
<<!>>: Suspicious data at a malware launch point.
Ok one more scan...
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
It doesnt work for me. I have tried to switch off all my Anti virus programs and firewalls , i doesnt get any ActiveX question :S
Ok we may use this instead...
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
This topic has been archived due to lack of a response. :scratch:
If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
Thank you Mr_JAk3.