Mattiemcc
2009-04-13, 23:06
Below is the first log, the second i will post seperately as too long. I removed ASK toolbar before using add/remove programs. I am sure that I already did that earlier when I removed Zone Alarm as suggested. Not sure how or why it came back.
OTViewIt logfile created on: 13/04/2009 21:00:33 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.35% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 74.91 Gb Free Space | 50.27% Space Free | Partition Type: NTFS
Drive D: | 1.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DESKTOP
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/03/24 09:32:26 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/03/24 09:32:32 | 01,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2003/04/24 16:58:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2009/03/26 10:03:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2009/03/24 09:32:39 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/03/24 09:32:30 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/05/20 04:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE
[2008/06/10 20:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/06/10 20:56:31 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2009/03/12 21:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/10 20:56:27 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
[2005/04/15 15:36:24 | 00,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
[2005/04/27 03:07:38 | 00,491,520 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
[2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2009/04/13 16:36:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/05/26 22:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/26 22:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2008/05/26 22:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2009/04/13 20:19:21 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/03/24 09:32:26 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2009/03/24 09:32:32 | 01,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/17 07:43:54 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/02/27 18:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/04/24 16:58:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2009/03/26 10:03:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])
[2009/04/13 16:36:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
========== Driver Services ==========
[2005/11/09 15:44:48 | 00,024,288 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])
[2008/11/05 23:14:04 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
[2008/11/05 23:14:04 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
[2009/03/24 09:32:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/05 18:55:43 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/03/24 09:32:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2002/12/17 12:32:58 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2002/12/17 12:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2003/02/20 23:22:38 | 00,135,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2003/03/26 22:33:58 | 00,498,688 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2003/03/27 17:58:56 | 00,287,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2003/02/20 23:24:18 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2003/02/20 23:24:34 | 00,135,248 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/09/10 13:38:39 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2002/11/12 10:02:20 | 00,099,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Running])
[2005/04/01 10:42:20 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt [Auto | Running])
[2003/02/20 23:24:46 | 00,116,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/03/26 22:31:40 | 00,823,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2003/03/26 22:32:02 | 00,141,536 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2008/04/13 20:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/09/10 13:38:39 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2008/06/09 21:12:08 | 00,018,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])
[2003/04/24 16:58:00 | 01,271,706 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/03/26 22:32:32 | 00,189,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2003/03/06 16:10:34 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT [Auto | Running])
[2008/06/10 21:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2003/07/16 17:36:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/10 13:38:39 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2005/11/03 20:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
[2005/04/21 13:33:12 | 00,112,384 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB [On_Demand | Running])
[2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2002/10/02 08:57:12 | 00,013,532 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt [On_Demand | Running])
[2008/09/10 13:38:39 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://www.bbc.co.uk/
"Start Page Redirect Cache"=http://uk.msn.com/?ocid=iehp
"Start Page Redirect Cache AcceptLangs"=en-gb
"Start Page Redirect Cache_TIMESTAMP"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://www.bbc.co.uk/
"Start Page Redirect Cache"=http://uk.msn.com/?ocid=iehp
"Start Page Redirect Cache AcceptLangs"=en-gb
"Start Page Redirect Cache_TIMESTAMP"=
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (HKLM) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"EPSON Stylus Photo RX620 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620" (SEIKO EPSON CORPORATION)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /S (PC Tools)
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /S (PC Tools)
========== (O4) Startup Folders ==========
[2005/04/15 15:36:24 | 00,745,472 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 12:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 12:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08E730A4-FB02-45BD-A900-01E4AD8016F6}: Button: Sky -- File not found
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Button: PartyGammon.com -- File not found
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Menu: PartyGammon.com -- File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-343818398-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221042487421 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233856919922 -- MUWebControl Class
{7530BFB8-7293-4D34-9923-61A11451AFC5}: http://download.eset.com/special/eos-beta/OnlineScanner.cab -- OnlineScanner Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239637020449&h=eeaa4e8cf85aabb937c1fa1490d463a1/&filename=jinstall-6u13-windows-i586-jc.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
========== (O17) DNS Name Servers ==========
{38031494-C6F8-4709-8ACE-DE83B9CE18EF} (Servers: | Description: 1394 Net Adapter)
{406D08B1-8A20-4A2C-B413-C2C55B9C1A39} (Servers: 10.0.2.30,10.0.2.20 | Description: Intel(R) PRO/1000 MTW Network Connection)
{52BEF3EA-8E24-430C-B10B-E4E41F6F6ABA} (Servers: | Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter)
{981C6584-01CB-4BA7-8A3E-8C80F4D5243B} (Servers: | Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C))
{CEF7ED92-760A-4217-9833-C335683176B0} (Servers: | Description: 1394 Net Adapter)
{ED00EB9B-BFD2-403A-9D16-6F7E4117D9A2} (Servers: | Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C))
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2008/09/10 10:53:05 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
Autorun []
[2005/10/15 08:42:09 | 00,253,952 | R--- | M] (Firaxis Games) -- D:\Autorun.exe -- [ UDF ]
autorun.exe [MZ | ]
[2005/10/15 08:42:09 | 00,253,952 | R--- | M] (Firaxis Games) -- D:\autorun.exe -- [ UDF ]
autorun.inf [[autorun] | OPEN=autorun.exe | ICON=Autorun\Civ4Installer.ico | LABEL=Sid Meier's Civilization 4 | | [appdata] | Mutex=Civ4 21031 | InstallFile=setup.exe | PlayFile=Civilization4.exe | RegKey=INSTALLDIR | | [0x09] | ;English | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. All Rights Reserved. Manufactured and marketed by Take Two Interactive, New York, NY. All trademarks are the property of their respective owners. | ExecPos=117,201 | InstallImage=Autorun\BTN01-Install.bmp | InstallHilite=Autorun\BTN01-Install_OVER.bmp | PlayImage=Autorun\BTN01-Play.bmp | PlayHilite=Autorun\BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\BTN02-ReadMe.bmp | ReadmeHilite=Autorun\BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\English\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\BTN03-Exit.bmp | ExitHilite=Autorun\BTN03-Exit_OVER.bmp | | [0x0c] | ;French | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tous droits réservés. Fabriqué et commercialisé par Take Two Interactive, New York, NY. Toutes les marques commerciales sont la propriété de leurs détenteurs respectifs. | ExecPos=117,201 | InstallImage=Autorun\FR_BTN01-Install.bmp | InstallHilite=Autorun\FR_BTN01-Install_OVER.bmp | PlayImage=Autorun\FR_BTN01-Play.bmp | PlayHilite=Autorun\FR_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\FR_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\FR_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\French\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\FR_BTN03-Exit.bmp | ExitHilite=Autorun\FR_BTN03-Exit_OVER.bmp | | [0x10] | ;Italian | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Tutti i diritti riservati. Prodotto e distribuito da Take Two Interactive, New York, NY. Tutti i marchi sono di proprietà dei rispettivi detentori. | ExecPos=117,201 | InstallImage=Autorun\IT_BTN01-Install.bmp | InstallHilite=Autorun\IT_BTN01-Install_OVER.bmp | PlayImage=Autorun\IT_BTN01-Play.bmp | PlayHilite=Autorun\IT_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\IT_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\IT_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Italian\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\IT_BTN03-Exit.bmp | ExitHilite=Autorun\IT_BTN03-Exit_OVER.bmp | | [0x07] | ;German | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=© 2005 Firaxis Games, Inc. Alle Rechte vorbehalten. Herstellung und Vermarktung durch Take Two Interactive, New York, NY. Alle Warenzeichen sind Eigentum der jeweiligen Inhaber. | ExecPos=117,201 | InstallImage=Autorun\GE_BTN01-Install.bmp | InstallHilite=Autorun\GE_BTN01-Install_OVER.bmp | PlayImage=Autorun\GE_BTN01-Play.bmp | PlayHilite=Autorun\GE_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\GE_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\GE_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\German\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\GE_BTN03-Exit.bmp | ExitHilite=Autorun\GE_BTN03-Exit_OVER.bmp | | [0x0a] | ;Spanish | Background=Autorun\Civ4AutoRunBG.bmp | LegalPos=85,272,480 | LegalColor=255,255,255 | LegalShadow=0,0,0 | LegalFont=MS Sans Serif,8 | LegalStyle=bold | LegalText=©2005 Firaxis Games, Inc. Todos los derechos reservados. Creado y distribuido por Take Two Interactive, New York, NY. Todas las marcas comerciales pertenecen a sus respectivos propietarios. | ExecPos=117,201 | InstallImage=Autorun\SP_BTN01-Install.bmp | InstallHilite=Autorun\SP_BTN01-Install_OVER.bmp | PlayImage=Autorun\SP_BTN01-Play.bmp | PlayHilite=Autorun\SP_BTN01-Play_OVER.bmp | ReadmePos=265,202 | ReadmeImage=Autorun\SP_BTN02-ReadMe.bmp | ReadmeHilite=Autorun\SP_BTN02-ReadMe_OVER.bmp | ReadmeFile=Readme\Spanish\Readme.htm | ExitPos=412,200 | ExitImage=Autorun\SP_BTN03-Exit.bmp | ExitHilite=Autorun\SP_BTN03-Exit_OVER.bmp | ]
[2005/10/15 08:42:09 | 00,004,118 | R--- | M] () -- D:\autorun.inf -- [ UDF ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\autorun.exe -- [2005/10/15 08:42:09 | 00,253,952 | R--- | M] (Firaxis Games)
========== Files/Folders - Created Within 30 Days ==========
[9 C:\WINDOWS\*.tmp files]
[2009/04/13 20:19:12 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/04/13 16:36:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/04/13 16:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/04/13 11:39:11 | 00,000,000 | ---D | C] -- C:\Program Files\OxigenInstall
[2009/04/12 21:48:44 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[2009/04/12 21:47:28 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/04/12 18:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/04/12 17:34:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/04/12 17:34:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/12 17:34:55 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/12 17:34:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/12 17:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/12 17:34:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/12 17:33:47 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2009/04/12 14:33:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/12 14:08:53 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/12 14:08:49 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/12 14:08:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/12 14:07:37 | 00,219,648 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/12 14:07:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/12 14:07:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/12 14:07:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/12 14:07:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/12 14:07:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/12 14:07:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/12 14:07:37 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/12 14:06:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/12 13:56:53 | 03,073,735 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2009/04/12 13:40:57 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\User\My Documents\advice 1.doc
[2009/04/12 12:37:55 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.com
[2009/04/11 16:26:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/11 16:26:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 16:26:36 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/04/11 16:26:35 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/04/11 16:26:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/11 16:24:32 | 01,431,504 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\User\Desktop\RegCureSetup_RW.exe
[2009/04/11 16:10:14 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/04/11 16:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/11 14:22:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/04/11 11:44:27 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/04/11 11:44:12 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/04/11 11:44:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\a-squared Free
[2009/04/11 11:30:09 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Thank You For Your Order.doc
[2009/04/11 11:18:36 | 00,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/11 11:18:35 | 00,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/11 11:18:27 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/04/11 11:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/04/03 15:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/03/31 19:11:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/30 11:54:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/28 10:24:27 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/28 10:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/28 10:23:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/28 10:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/28 10:22:33 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/21 13:35:56 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\User\Desktop\setup-spybotsd162.exe
[2009/03/21 11:57:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
========== Files - Modified Within 30 Days ==========
[16 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/04/13 20:19:21 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2009/04/13 19:14:13 | 00,138,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/13 19:13:55 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/13 19:13:55 | 00,189,784 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/13 17:00:03 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/13 09:08:35 | 35,077,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/13 08:53:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 08:47:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 08:47:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 01:38:23 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/04/13 01:38:23 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/04/13 01:38:23 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/04/13 01:38:23 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/04/13 01:38:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/13 01:38:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/13 01:38:23 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/04/13 01:38:23 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/04/12 22:08:19 | 00,093,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/12 21:47:32 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/04/12 17:34:55 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/12 17:34:00 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2009/04/12 14:24:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/12 14:23:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/12 14:08:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/12 14:07:11 | 03,073,735 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2009/04/12 13:40:58 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\User\My Documents\advice 1.doc
[2009/04/12 12:37:55 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.com
[2009/04/12 08:06:55 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/11 16:26:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/11 16:26:36 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2009/04/11 16:26:35 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2009/04/11 16:24:44 | 01,431,504 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\User\Desktop\RegCureSetup_RW.exe
[2009/04/11 16:10:14 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2009/04/11 11:44:27 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/04/11 11:30:09 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Thank You For Your Order.doc
[2009/04/11 11:26:14 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/04/11 11:20:52 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Windows Explorer.lnk
[2009/04/11 10:11:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/09 16:04:46 | 00,312,293 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-140327.backup
[2009/04/09 16:03:52 | 00,312,293 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090409-160446.backup
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 19:15:28 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\User\My Documents\desktop.ini
[2009/03/31 19:13:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/30 11:54:33 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/29 08:56:32 | 00,554,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 08:56:32 | 00,101,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 08:56:30 | 00,668,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/28 10:24:27 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/27 20:39:22 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/03/27 16:36:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[2009/03/26 19:59:48 | 00,068,648 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/26 10:03:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/03/26 09:46:01 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2009/03/26 09:45:40 | 02,246,144 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/03/24 09:32:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/24 09:32:39 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/24 09:32:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/23 12:25:24 | 00,303,103 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090409-160352.backup
[2009/03/21 13:42:15 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2009/03/21 13:38:30 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\User\Desktop\setup-spybotsd162.exe
< End of report >
Mattiemcc
2009-04-15, 14:00
No problem with the delay I appreciate your help. I have uploaded the latest Windows updates but that has not helped either.
Here is the result:
a-squared 4.0.0.101 2009.04.15 -
AhnLab-V3 5.0.0.2 2009.04.15 -
AntiVir 7.9.0.143 2009.04.15 -
Antiy-AVL 2.0.3.1 2009.04.15 -
Authentium 5.1.2.4 2009.04.14 -
Avast 4.8.1335.0 2009.04.14 -
AVG 8.5.0.287 2009.04.15 -
BitDefender 7.2 2009.04.15 -
CAT-QuickHeal 10.00 2009.04.15 -
ClamAV 0.94.1 2009.04.15 -
Comodo 1113 2009.04.14 -
DrWeb 4.44.0.09170 2009.04.15 -
eSafe 7.0.17.0 2009.04.13 Win32.Banker
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.14 -
F-Secure 8.0.14470.0 2009.04.15 -
Fortinet 3.117.0.0 2009.04.15 -
GData 19 2009.04.15 -
Ikarus T3.1.1.49.0 2009.04.15 -
K7AntiVirus 7.10.703 2009.04.14 -
Kaspersky 7.0.0.125 2009.04.15 -
McAfee 5584 2009.04.14 -
McAfee+Artemis 5584 2009.04.14 -
McAfee-GW-Edition 6.7.6 2009.04.15 -
Microsoft 1.4502 2009.04.15 -
NOD32 4009 2009.04.15 -
Norman 6.00.06 2009.04.14 -
nProtect 2009.1.8.0 2009.04.15 -
PCTools 4.4.2.0 2009.04.14 -
Prevx1 V2 2009.04.15 -
Rising 21.25.22.00 2009.04.15 -
Sophos 4.40.0 2009.04.15 -
Sunbelt 3.2.1858.2 2009.04.15 -
Symantec 1.4.4.12 2009.04.15 -
TheHacker 6.3.4.0.309 2009.04.15 -
TrendMicro 8.700.0.1004 2009.04.15 -
ViRobot 2009.4.15.1694 2009.04.15 -
VirusBuster 4.6.5.0 2009.04.15 -
Additional information
File size: 578560 bytes
MD5...: b26b135ff1b9f60c9388b4a7d16f600b
SHA1..: 08fe9ff1fe9b8fd237adedb10d65fb0447b91fe5
SHA256: acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c
SHA512: 06205444bbc9773fdea5c3ad949dfa8347d0248b87f8a0e43ede8758466fc087
b8c67f124f2b1b09abe4267255a27e3543ef3d00923e75133f9d5ddca5567c39
ssdeep: 6144:Q7ML7NoIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacC
GNoEd:foHEHblpWz0jPLhEfgP6WMDoEJY
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xb217
timedatestamp.....: 0x4802a11b (Mon Apr 14 00:11:07 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5f283 0x5f400 6.65 25051dc5344bd71f517de4813f1397ed
.data 0x61000 0x1180 0xc00 2.38 28fc1d764bf4ed37bb349bca5991a1ff
.rsrc 0x63000 0x2a088 0x2a200 4.97 818c69d1407c2f66058a8171086b2fba
.reloc 0x8e000 0x2de4 0x2e00 6.77 68ebe5a2d822be0663a3e935b39d0bae
( 3 imports )
> GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, GdiGetBitmapBitsSize, CreatePen, Ellipse, CreateEllipticRgn, GdiFixUpHandle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, bInitSystemAndFontsDirectoriesW, bMakePathNameW, cGetTTFFromFOT, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiGetCodePage, GetTextCharset, GdiPrinterThunk, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetObjectType, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, CreateSolidBrush, GetStockObject, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, BitBlt, GdiConvertAndCheckDC, StretchBlt, SetRectRgn, GdiReleaseDC, GdiConvertEnhMetaFile, GdiConvertMetaFilePict, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, GetDIBColorTable, GetDeviceCaps, StretchDIBits, GetLayout, SetBkColor, SetTextColor, GetObjectW, GetBkColor, SetBkMode, SelectObject, IntersectClipRect, GetTextAlign, SetTextAlign, GdiProcessSetup
> KERNEL32.dll: LocalSize, SizeofResource, LoadResource, FindResourceExW, FindResourceExA, GetModuleHandleW, DisableThreadLibraryCalls, GetCurrentThreadId, IsDBCSLeadByteEx, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetSystemDirectoryW, GetComputerNameW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, HeapReAlloc, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, HeapSize, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetFileSize, ReadFile, SetFileTime, GetFileTime, GetSystemWindowsDirectoryW, CopyFileW, MoveFileW, DeleteFileW, CreateProcessW, AddAtomA, AddAtomW, GetAtomNameW, GetAtomNameA, IsValidLocale, ConvertDefaultLocale, CompareStringW, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, ProcessIdToSessionId, GetCurrentProcessId, InterlockedCompareExchange, IsDBCSLeadByte, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LocalUnlock, LocalLock, LocalReAlloc, GetACP, GetOEMCP, InterlockedIncrement, InterlockedDecrement, SetLastError, GlobalFindAtomW, GlobalAlloc, MultiByteToWideChar, GlobalReAlloc, GetLastError, GetProcAddress, LoadLibraryW, FreeLibrary, lstrcpynW, CreateFileW, WritePrivateProfileStringW, lstrcmpiW, SetEvent, WaitForMultipleObjectsEx, WideCharToMultiByte, GlobalFlags, GetLocaleInfoW, GlobalFree, GetModuleFileNameW, GlobalGetAtomNameW, GlobalGetAtomNameA, InterlockedExchange, DeleteAtom, LocalAlloc, GlobalDeleteAtom, LocalFree, GlobalSize, GlobalLock, GlobalUnlock, GetUserDefaultLCID, HeapAlloc, HeapFree, lstrcpyW, lstrcatW, GetPrivateProfileStringW, RegisterWaitForInputIdle
> ntdll.dll: NtQueryVirtualMemory, RtlUnwind, RtlNtStatusToDosError, NlsAnsiCodePage, RtlAllocateHeap, qsort, RtlMultiByteToUnicodeSize, LdrFlushAlternateResourceModules, RtlPcToFileHeader, wcsrchr, NtRaiseHardError, RtlIsNameLegalDOS8Dot3, strrchr, sscanf, NtQueryKey, NtEnumerateValueKey, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, _wcsicmp, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, RtlUnicodeToMultiByteSize, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlInitializeCriticalSection, NtQuerySystemInformation, swprintf, RtlDeleteCriticalSection, RtlImageNtHeader, CsrClientConnectToServer, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, RtlQueryInformationActiveActivationContext, RtlReleaseActivationContext, RtlFreeHeap, wcsncpy, wcscmp, wcstoul, wcscat, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlCreateUnicodeStringFromAsciiz, RtlFreeUnicodeString, NtOpenDirectoryObject, _chkstk, wcscpy, wcsncat, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, wcslen, RtlFindActivationContextSectionString, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlOpenCurrentUser, NtEnumerateKey, NtOpenKey, NtClose, NtQueryValueKey, RtlInitUnicodeString, RtlUnicodeStringToInteger
( 732 exports )
ActivateKeyboardLayout, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseWindow, CloseWindowStation, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGuiResources, GetIconInfo, GetInputDesktop, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopWindow, GetUpdateRect, GetUpdateRgn, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowContextHelpId, GetWindowDC, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InitializeWin32EntryTable, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsRectEmpty, IsServerSideWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowUnicode, IsWindowVisible, IsZoomed, KillSystemTimer, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateSetDbgTag, PrivateSetRipFlags, PtInRect, QuerySendMessage, QueryUserCounters, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterRawInputDevices, RegisterServicesProcess, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetConsoleReserveKeys, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetLogonNotifyWindow, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetParent, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetSystemTimer, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowContextHelpId, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowWindow, ShowWindowAsync, SoftModalMessageBox, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterUserApiHook, UpdateLayeredWindow, UpdatePerUserSystemParameters, UpdateWindow, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, Win32PoolAllocationStats, WinHelpA, WinHelpW, WindowFromDC, WindowFromPoint, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
RDS...: NSRL Reference Data Set