Cyber Tech Help Support Forums - Malware Removal

#16 - August 9th, 2008, 11:52 PM
skiniemini (Senior Member; Join Date: Aug 2008; O/S: Windows 7 32-bit; Posts: 163)
Gmer Results:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-09 15:08:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF5E529AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF5E52A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF5E52958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF5E5296C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF5E52A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF5E52A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF5E52AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5E52AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF5E529EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF5E52B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF5E52A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5E52930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5E52944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF5E529BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5E52B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5E52AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF5E52AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF5E52A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5E52B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF5E52B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF5E52996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF5E52982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF5E52A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF5E52A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5E52B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5E52A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF5E529D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050189C 7 Bytes JMP F5E529D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056D3CA 2 Bytes JMP F5E529AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile + 3 8056D3CD 2 Bytes [ 8E, 75 ]
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A6206 7 Bytes JMP F5E529EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A701C 5 Bytes JMP F5E52A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805AC78E 7 Bytes JMP F5E529C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805BFE1E 5 Bytes JMP F5E52934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C00AA 5 Bytes JMP F5E52948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C28DC 5 Bytes JMP F5E52986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5ED8 7 Bytes JMP F5E52970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C5F8E 5 Bytes JMP F5E5295C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C64B0 5 Bytes JMP F5E5299A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C776C 5 Bytes JMP F5E52A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80616F40 7 Bytes JMP F5E52AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061728E 5 Bytes JMP F5E52B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80617546 7 Bytes JMP F5E52A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 8061780E 7 Bytes JMP F5E52B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80618054 7 Bytes JMP F5E52AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806188AC 7 Bytes JMP F5E52A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80618E86 5 Bytes JMP F5E52A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80619316 7 Bytes JMP F5E52A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 806194E6 7 Bytes JMP F5E52A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 806196C6 7 Bytes JMP F5E52AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80619930 7 Bytes JMP F5E52ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061A21C 5 Bytes JMP F5E52A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061A540 7 Bytes JMP F5E52B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061AA66 5 Bytes JMP F5E52B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061AB80 5 Bytes JMP F5E52B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? F:\DOCUME~1\Mason\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760000
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007600A4
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760093
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760FAF
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0076006C
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760FCA
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760F74
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007600C6
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007600FC
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00760F63
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00760F52
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00760051
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0076001B
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 007600B5
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00760036
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00760FEF
.text F:\WINDOWS\system32\svchost.exe[400] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007600D7
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00750FCA
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00750F94
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0075001B
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0075000A
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00750051
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00750FB9
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00750FEF
.text F:\WINDOWS\system32\svchost.exe[400] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00750036
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F00000
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F00F81
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F00F92
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F00FB9
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F00FCA
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F00062
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F00F44
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F00F55
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F000C2
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F000B1
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F00F0E
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F00FDB
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F0001B
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F00F66
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F00051
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F0002C
.text F:\WINDOWS\system32\services.exe[584] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F00F29
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00960FCA
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00960F97
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00960FE5
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0096001B
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00960FA8
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00960FB9
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00960000
.text F:\WINDOWS\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00960040

#17 - August 9th, 2008, 11:53 PM
skiniemini
Continued from last post:

.text F:\WINDOWS\system32\services.exe[584] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930000
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EF0FE5
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EF0045
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EF0F50
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EF0F61
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EF0F7C
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EF0F97
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EF006A
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EF0F22
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EF00A7
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EF0096
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00EF0EFD
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00EF001E
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00EF0FD4
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00EF0F3F
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00EF0FB2
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00EF0FC3
.text F:\WINDOWS\system32\lsass.exe[596] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00EF007B
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00EE0FCA
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00EE0F8D
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00EE0025
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00EE0FE5
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00EE0FA8
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00EE0040
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00EE0000
.text F:\WINDOWS\system32\lsass.exe[596] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00EE0FB9
.text F:\WINDOWS\system32\lsass.exe[596] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00EC0000
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00820000
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00820FA0
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00820095
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00820084
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00820069
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00820FD1
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008200D2
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008200C1
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00820108
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00820F65
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00820119
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00820058
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0082001B
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008200B0
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00820047
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00820036
.text F:\WINDOWS\system32\svchost.exe[756] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008200E3
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00810FD4
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00810F8D
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0081001B
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0081000A
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0081004A
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00810FA8
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00810FEF
.text F:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00810FB9
.text F:\WINDOWS\system32\svchost.exe[756] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007D0000
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FEF
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0091
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0F92
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0076
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0065
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0039
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E00DA
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E00BD
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0106
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00F5
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E0F52
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E004A
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E000A
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E00AC
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E0FC3
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0FD4
.text F:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F77
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FC3
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D0054
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0014
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D0FDE
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D002F
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0F97
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D0FEF
.text F:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0FB2
.text F:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0FE5
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02230000
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 022300A1
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0223007C
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0223005F
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0223004E
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0223003D
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 022300CD
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02230F91
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02230F3E
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02230F59
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02230F23
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02230FAC
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02230011
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 022300BC
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02230FD1
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02230022
.text F:\WINDOWS\System32\svchost.exe[840] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02230F74
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0221002C
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02210084
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0221001B
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02210000
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02210073
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02210058
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02210FE5
.text F:\WINDOWS\System32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02210047
.text F:\WINDOWS\System32\svchost.exe[840] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01870FE5
.text F:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02220FE5
.text F:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02220000
.text F:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02220011
.text F:\WINDOWS\System32\svchost.exe[840] WININET.dll!InternetOpenUrlW 780BAEA1 5 Bytes JMP 02220036
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760FE5
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760F57
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760F72
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760F83
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00760F9E
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760FAF
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760F3A
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00760082
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 0076009D
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00760F04
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007600B8
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00760036
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00760000
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00760067
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0076001B
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00760FCA
.text F:\WINDOWS\system32\svchost.exe[888] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00760F1F

#18 - August 9th, 2008, 11:54 PM
skiniemini
Continued from last post:

.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00750025
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00750065
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00750FD4
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0075000A
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00750054
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00750FA8
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00750FEF
.text F:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00750FB9
.text F:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00730000
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B10FEF
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B100A1
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B10090
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B10073
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B10058
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B10FC0
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B10F8A
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B100C6
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B10119
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B100FE
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B10F5B
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B10047
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B1000A
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B10F9B
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B10036
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B1001B
.text F:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B100ED
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AE0040
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AE0FB6
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AE0025
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AE0FEF
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AE0073
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AE0062
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AE0000
.text F:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AE0051
.text F:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AC0000
.text F:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00B00000
.text F:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00B00011
.text F:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00B00FE5
.text F:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlW 780BAEA1 5 Bytes JMP 00B00040
.text f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1460] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1460] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1624] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 013EF6E0 F:\Program Files\SiteAdvisor\6261\saPlugin.dll
.text F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1624] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01470000
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01470F52
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01470F63
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01470F80
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0147003D
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01470022
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01470F30
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01470F41
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01470F04
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 014700A7
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01470EF3
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01470F9B
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01470FDB
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01470062
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01470FB6
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01470011
.text F:\WINDOWS\Explorer.EXE[1904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01470F1F
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01140FE5
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01140087
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0114002C
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0114001B
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01140076
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01140065
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01140000
.text F:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01140FD4
.text F:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01150000
.text F:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01150FDB
.text F:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01150FC0
.text F:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlW 780BAEA1 5 Bytes JMP 01150FAF
.text F:\WINDOWS\Explorer.EXE[1904] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01C00000
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B006E
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F79
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F8A
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0047
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FAF
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F4D
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0089
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F17
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F32
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B00CB
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0036
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B0014
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B0F68
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0025
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FD4
.text F:\WINDOWS\system32\wuauclt.exe[2972] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B00B0
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0025
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002A0F8D
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002A0FD4
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002A0FE5
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002A0F9E
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002A0FB9
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002A0000
.text F:\WINDOWS\system32\wuauclt.exe[2972] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002A0036

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\.disabled@ SpybotSD.DisabledFile
Reg HKLM\SOFTWARE\Classes\.DVDFab5@ DVDFab5
Reg HKLM\SOFTWARE\Classes\.DVDFab5\shell
Reg HKLM\SOFTWARE\Classes\.DVDFab5\shell\open
Reg HKLM\SOFTWARE\Classes\.DVDFab5\shell\open\command
Reg HKLM\SOFTWARE\Classes\.DVDFab5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\.DVDFabGold5@ DVDFabGold5
Reg HKLM\SOFTWARE\Classes\.DVDFabGold5\shell
Reg HKLM\SOFTWARE\Classes\.DVDFabGold5\shell\open
Reg HKLM\SOFTWARE\Classes\.DVDFabGold5\shell\open\command
Reg HKLM\SOFTWARE\Classes\.DVDFabGold5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\.DVDFabMobile@ DVDFabMobile
Reg HKLM\SOFTWARE\Classes\.DVDFabMobile\shell
Reg HKLM\SOFTWARE\Classes\.DVDFabMobile\shell\open
Reg HKLM\SOFTWARE\Classes\.DVDFabMobile\shell\open\command
Reg HKLM\SOFTWARE\Classes\.DVDFabMobile\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\.DVDFabPlatinum5@ DVDFabPlatinum5
Reg HKLM\SOFTWARE\Classes\.DVDFabPlatinum5\shell
Reg HKLM\SOFTWARE\Classes\.DVDFabPlatinum5\shell\open
Reg HKLM\SOFTWARE\Classes\.DVDFabPlatinum5\shell\open\command
Reg HKLM\SOFTWARE\Classes\.DVDFabPlatinum5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\.ifl@ iflFile
Reg HKLM\SOFTWARE\Classes\.key@ regfile
Reg HKLM\SOFTWARE\Classes\.oem@ oem_auto_file
Reg HKLM\SOFTWARE\Classes\.sbe@ SpybotSD.SBEFile
  #19  
Old August 9th, 2008, 11:56 PM
skiniemini
Continued From Last Post:

Reg HKLM\SOFTWARE\Classes\.wdp@Content Type image/vnd.ms-photo
Reg HKLM\SOFTWARE\Classes\.wdp@PerceivedType image
Reg HKLM\SOFTWARE\Classes\.wdp\OpenWithProgids
Reg HKLM\SOFTWARE\Classes\.wdp\OpenWithProgids@wdpfile 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Classes\.wdp\ShellEx
Reg HKLM\SOFTWARE\Classes\.wdp\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\.wdp\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {3F30C968-480A-4C6C-862D-EFC0897BB84B}
Reg HKLM\SOFTWARE\Classes\.wdp\ShellEx\{E357FCCD-A995-4576-B01F-234630154E96}
Reg HKLM\SOFTWARE\Classes\.wdp\ShellEx\{E357FCCD-A995-4576-B01F-234630154E96}@ {C7657C4A-9F68-40fa-A4DF-96BC08EB3551}
Reg HKLM\SOFTWARE\Classes\.xht@ xhtfile
Reg HKLM\SOFTWARE\Classes\.xht@Content Type application/xhtml+xml
Reg HKLM\SOFTWARE\Classes\.xhtml@ xhtmlfile
Reg HKLM\SOFTWARE\Classes\.xhtml@Content Type application/xhtml+xml
Reg HKLM\SOFTWARE\Classes\.xsc@ VCExpress.xsc.9.0
Reg HKLM\SOFTWARE\Classes\.xsc@Content Type application/xml
Reg HKLM\SOFTWARE\Classes\.xss@ VCExpress.xss.9.0
Reg HKLM\SOFTWARE\Classes\.xss@Content Type application/xml
Reg HKLM\SOFTWARE\Classes\ACTIVEMP3.ActiveMP3Ctrl.1@ ActiveMP3 Control
Reg HKLM\SOFTWARE\Classes\ACTIVEMP3.ActiveMP3Ctrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\ACTIVEMP3.ActiveMP3Ctrl.1\CLSID@ {4BF1E365-5DBE-11D4-BD8E-B7F5D7321078}
Reg HKLM\SOFTWARE\Classes\DVDFab5@
Reg HKLM\SOFTWARE\Classes\DVDFab5\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DVDFab5\DefaultIcon@ F:\Program Files\DVDFab 5\DVDFab.exe,0
Reg HKLM\SOFTWARE\Classes\DVDFab5\shell
Reg HKLM\SOFTWARE\Classes\DVDFab5\shell\open
Reg HKLM\SOFTWARE\Classes\DVDFab5\shell\open\command
Reg HKLM\SOFTWARE\Classes\DVDFab5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\DVDFab5Open@ DVDFab5
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\DefaultIcon@ F:\PROGRA~1\DVDFAB~1\DVDFab.exe
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\shell
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open\command
Reg HKLM\SOFTWARE\Classes\DVDFab5Open\shell\Open\command@ F:\PROGRA~1\DVDFAB~1\DVDFab.exe
Reg HKLM\SOFTWARE\Classes\DVDFabGold5@
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\DefaultIcon@ F:\Program Files\DVDFab 5\DVDFab.exe,0
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\shell
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\shell\open
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\shell\open\command
Reg HKLM\SOFTWARE\Classes\DVDFabGold5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\DVDFabMobile@
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\DefaultIcon@ F:\Program Files\DVDFab 5\DVDFab.exe,0
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\shell
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\shell\open
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\shell\open\command
Reg HKLM\SOFTWARE\Classes\DVDFabMobile\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5@
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\DefaultIcon
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\DefaultIcon@ F:\Program Files\DVDFab 5\DVDFab.exe,0
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\shell
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\shell\open
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\shell\open\command
Reg HKLM\SOFTWARE\Classes\DVDFabPlatinum5\shell\open\command@ F:\Program Files\DVDFab 5\DVDFab.exe "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@ Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@FriendlyTypeName Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon@ C:\Program Files\Mozilla FireFox\firefox.exe,1
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command@ "C:\Program Files\Mozilla FireFox\firefox.exe" -requestPending -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec@ "%1",,0,0,,,,
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec@NoActivateHandler
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Application@ Firefox
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@ Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@FriendlyTypeName Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@URL Protocol
Reg HKLM\SOFTWARE\Classes\FirefoxURL@EditFlags 2
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon@ C:\Program Files\Mozilla FireFox\firefox.exe,1
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command@ "C:\Program Files\Mozilla FireFox\firefox.exe" -requestPending -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@ "%1",,0,0,,,,
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@NoActivateHandler
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Application@ Firefox
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\iflFile\shell
Reg HKLM\SOFTWARE\Classes\iflFile\shell\open
  #20  
Old August 10th, 2008, 12:00 AM
skiniemini
Continued from last post:


Reg HKLM\SOFTWARE\Classes\.sbi@ SpybotSD.SBIFile
Reg HKLM\SOFTWARE\Classes\.sbs@ SpybotSD.SBSFile
Reg HKLM\SOFTWARE\Classes\.snk@ VCSExpress.snk.8.0
Reg HKLM\SOFTWARE\Classes\.tnfo@ SpybotSD.TInfoFile
Reg HKLM\SOFTWARE\Classes\.uti@ SpybotSD.UTIFile
Reg HKLM\SOFTWARE\Classes\.uts@ SpybotSD.UTSFile
Reg HKLM\SOFTWARE\Classes\.w3g@ Warcraft3.Replay
Reg HKLM\SOFTWARE\Classes\.wdp@ wdpfile
Reg HKLM\SOFTWARE\Classes\iflFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\iflFile\shell\open\command@ "F:\Program Files\IncrediFlash Intro and Banner Studio 1.2\IncrediFlashXT.exe" "%1"
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet@ Microsoft Internet Transfer Control 6.0 (SP4)
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet\CLSID
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet\CLSID@ {48E59293-9880-11CF-9754-00AA00C00908}
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet\CurVer
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet\CurVer@ InetCtls.Inet.1
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet.1@ Microsoft Internet Transfer Control 6.0 (SP4)
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet.1\CLSID
Reg HKLM\SOFTWARE\Classes\InetCtls.Inet.1\CLSID@ {48E59293-9880-11CF-9754-00AA00C00908}
Reg HKLM\SOFTWARE\Classes\LIVECHAT.Document@ LIVECHAT.Document
Reg HKLM\SOFTWARE\Classes\LIVECHAT.Document\CLSID
Reg HKLM\SOFTWARE\Classes\LIVECHAT.Document\CLSID@ {105EF280-4B84-4933-9F3A-D09CEB6AE052}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document@ Windows XPS Document
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document\shellex
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document\shellex\PropertyHandler
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document\shellex\PropertyHandler@ {45670FA8-ED97-4F44-BC93-305082590BFB}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document\shellex\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Document\shellex\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}@ {44121072-A222-48f2-A58A-6D9AD51EBBE9}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata@ Windows XPS Document Metadata Handler
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata\CLSID@ {45670FA8-ED97-4F44-BC93-305082590BFB}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata\Curver
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata\Curver@ Microsoft.XPS.Shell.Metadata.1
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata.1@ Windows XPS Document Metadata Handler
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata.1\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Metadata.1\CLSID@ {45670FA8-ED97-4F44-BC93-305082590BFB}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail@ Windows XPS Document Thumbnail Handler
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail\CLSID@ {44121072-A222-48f2-A58A-6D9AD51EBBE9}
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail\Curver
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail\Curver@ Microsoft.XPS.Shell.Thumbnail.1
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail.1@ Windows XPS Document Thumbnail Handler
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail.1\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.XPS.Shell.Thumbnail.1\CLSID@ {44121072-A222-48f2-A58A-6D9AD51EBBE9}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl@ Microsoft ImageComboBox Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CLSID@ {DD9DA666-8594-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl\CurVer@ MSComctlLib.ImageComboCtl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2@ Microsoft ImageComboBox Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID@ {DD9DA666-8594-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl@ Microsoft ImageList Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CLSID@ {2C247F23-8591-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer@ MSComctlLib.ImageListCtrl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2@ Microsoft ImageList Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID@ {2C247F23-8591-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl@ Microsoft ListView Control, version 6.0
  #21  
Old August 10th, 2008, 12:02 AM
skiniemini
Continued from last post:

Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID@ {BDD1F04B-858B-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer@ MSComctlLib.ListViewCtrl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2@ Microsoft ListView Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID@ {BDD1F04B-858B-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl@ Microsoft ProgressBar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl\CLSID@ {35053A22-8589-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl\CurVer@ MSComctlLib.ProgCtrl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2@ Microsoft ProgressBar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2\CLSID@ {35053A22-8589-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl@ Microsoft StatusBar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CLSID@ {8E3867A3-8586-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl\CurVer@ MSComctlLib.SBarCtrl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2@ Microsoft StatusBar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2\CLSID@ {8E3867A3-8586-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider@ Microsoft Slider Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider\CLSID@ {F08DF954-8592-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider\CurVer@ MSComctlLib.Slider.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider.2@ Microsoft Slider Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID@ {F08DF954-8592-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip@ Microsoft TabStrip Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip\CLSID@ {1EFB6596-857C-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip\CurVer@ MSComctlLib.TabStrip.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip.2@ Microsoft TabStrip Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TabStrip.2\CLSID@ {1EFB6596-857C-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar@ Microsoft Toolbar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar\CLSID@ {66833FE6-8583-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer@ MSComctlLib.Toolbar.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar.2@ Microsoft Toolbar Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.Toolbar.2\CLSID@ {66833FE6-8583-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl@ Microsoft TreeView Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CLSID@ {C74190B6-8589-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl\CurVer@ MSComctlLib.TreeCtrl.2
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2@ Microsoft TreeView Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2\CLSID@ {C74190B6-8589-11D1-B16A-00C0F0283628}
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog@ Microsoft Common Dialog Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID@ {F9043C85-F6F2-101A-A3C9-08002B2F49FB}
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer@ MSComDlg.CommonDialog.1
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog.1@ Microsoft Common Dialog Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID@ {F9043C85-F6F2-101A-A3C9-08002B2F49FB}
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl@ MSN Photo Upload Tool
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CLSID
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CLSID@ {4F1E5B1A-2A80-42ca-8532-2D05CB959537}
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CurVer
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CurVer@ MsnPhotoUpload.PhotoUploadCtl.1
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1@ MSN Photo Upload Tool
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1\CLSID@ {4F1E5B1A-2A80-42ca-8532-2D05CB959537}
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock@ Microsoft WinSock Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock\CLSID
  #22  
Old August 10th, 2008, 12:03 AM
skiniemini
</gr_replreplace>
<gr_replace lines="802-806" cat="remove_boilerplate" orig="Senior Member">
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Continued from last post:

Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile@ Internal informations
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock\CLSID@ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock\CurVer
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock\CurVer@ MSWinsock.Winsock.1
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock.1@ Microsoft WinSock Control, version 6.0
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID@ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp@ NSHelp Class
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp\CLSID
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp\CLSID@ {485D813E-EE26-4df8-9FAF-DEDF2885306E}
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp\CurVer
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp\CurVer@ NSHelp.NSHelp.1
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp.1@ NSHelp Class
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp.1\CLSID
Reg HKLM\SOFTWARE\Classes\NSHelp.NSHelp.1\CLSID@ {485D813E-EE26-4df8-9FAF-DEDF2885306E}
Reg HKLM\SOFTWARE\Classes\oem_auto_file@
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\edit
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\edit\command
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\edit\command@ %SystemRoot%\system32\NOTEPAD.EXE %1
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\open
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\open\command
Reg HKLM\SOFTWARE\Classes\oem_auto_file\shell\open\command@ %SystemRoot%\system32\NOTEPAD.EXE %1
Reg HKLM\SOFTWARE\Classes\OpenOffice.org.reg4msdocmsi@ Reg4MsDocState 16
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline@ CoFilterPipeline Class
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline\CLSID
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline\CLSID@ {d54378cd-91d8-4e10-a00b-819f9a9efcb1}
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline\CurVer
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline\CurVer@ PrintSys.CoFilterPipeline.1
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline.1@ CoFilterPipeline Class
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline.1\CLSID
Reg HKLM\SOFTWARE\Classes\PrintSys.CoFilterPipeline.1\CLSID@ {d54378cd-91d8-4e10-a00b-819f9a9efcb1}
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl@ Microsoft Rich Textbox Control 6.0 (SP4)
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\CLSID@ {3B7C8860-D78F-101B-B9B5-04021C009402}
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\CurVer@ RICHTEXT.RichtextCtrl.1
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl.1@ Microsoft Rich Textbox Control 6.0 (SP4)
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\RICHTEXT.RichtextCtrl.1\CLSID@ {3B7C8860-D78F-101B-B9B5-04021C009402}
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX@ SOActiveX Class
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX\CLSID
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX\CLSID@ {67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX\CurVer
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX\CurVer@ so_activex.SOActiveX.1
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX.1@ SOActiveX Class
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX.1\CLSID
Reg HKLM\SOFTWARE\Classes\so_activex.SOActiveX.1\CLSID@ {67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile@ Disabled startup file
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.DisabledFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile@ Spyware exclude file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBEFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile@ Spyware include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.SBSFile@ Spyware supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.TInfoFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile@ Usage tracks include file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTIFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile@ Usage tracks supplemental file
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe",0
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command
Reg HKLM\SOFTWARE\Classes\SpybotSD.UTSFile\shell\open\command@ "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SSubTimer6.CTimer@ SSubTimer6.CTimer
Reg HKLM\SOFTWARE\Classes\SSubTimer6.CTimer\Clsid
Reg HKLM\SOFTWARE\Classes\SSubTimer6.CTimer\Clsid@ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
Reg HKLM\SOFTWARE\Classes\SSubTimer6.GSubclass@ SSubTimer6.GSubclass
Reg HKLM\SOFTWARE\Classes\SSubTimer6.GSubclass\Clsid
Reg HKLM\SOFTWARE\Classes\SSubTimer6.GSubclass\Clsid@ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
Reg HKLM\SOFTWARE\Classes\SSubTimer6.ISubclass@ SSubTimer6.ISubclass
Reg HKLM\SOFTWARE\Classes\SSubTimer6.ISubclass\Clsid
Reg HKLM\SOFTWARE\Classes\SSubTimer6.ISubclass\Clsid@ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
Reg HKLM\SOFTWARE\Classes\SWFScout.FlashMovie@ FlashMovie Object
Reg HKLM\SOFTWARE\Classes\SWFScout.FlashMovie\Clsid
Reg HKLM\SOFTWARE\Classes\SWFScout.FlashMovie\Clsid@ {C95F3816-578E-4CCB-A51C-382C522C6F38}
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2EXE@ SWF2EXE Object
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2EXE\Clsid
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2EXE\Clsid@ {CC7A69F4-C034-48FE-A19A-C6CE055804F9}
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2XML@ SWF2XML Object
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2XML\Clsid
Reg HKLM\SOFTWARE\Classes\SWFScout.SWF2XML\Clsid@ {8B2B6B4F-57C1-4118-B11D-9E67E27D009F}
Reg HKLM\SOFTWARE\Classes\SWFScout.SWFFileInfo@ SWFFileInfo Object
Reg HKLM\SOFTWARE\Classes\SWFScout.SWFFileInfo\Clsid
Reg HKLM\SOFTWARE\Classes\SWFScout.SWFFileInfo\Clsid@ {D3C43F76-1A79-45B7-81ED-912B19E74F0A}
Reg HKLM\SOFTWARE\Classes\SWFScout.XML2SWF@ XML2SWF Object
Reg HKLM\SOFTWARE\Classes\SWFScout.XML2SWF\Clsid
Reg HKLM\SOFTWARE\Classes\SWFScout.XML2SWF\Clsid@ {9A4FAD56-C770-4340-AF82-8D7B0CEB015F}
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab@ Microsoft Tabbed Dialog Control 6.0 (SP6)
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer@ TabDlg.SSTab.1
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1@ Microsoft Tabbed Dialog Control 6.0 (SP6)
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID@ {BDC217C5-ED16-11CD-956C-0000C04E4C0A}
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNode@ vbalTreeViewLib6.cTreeViewNode
#23
August 10th, 2008, 12:04 AM
skiniemini
Continued from last post:

Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNode\Clsid
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNode\Clsid@ {2BF22C5D-145A-45C8-AC6A-33CF6E21E17C}
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNodes@ vbalTreeViewLib6.cTreeViewNodes
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNodes\Clsid
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.cTreeViewNodes\Clsid@ {48E08A6B-D846-479A-9C5C-E9FE04F7F8C9}
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.vbalTreeView@ vbalTreeViewLib6.vbalTreeView
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.vbalTreeView\Clsid
Reg HKLM\SOFTWARE\Classes\vbalTreeViewLib6.vbalTreeView\Clsid@ {9C1F0FE1-777B-4356-8F80-40499265EAA7}
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay@ Warcraft III Replay File
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\DefaultIcon@ C:\Program Files\Warcraft III\\Replays.ico
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\shell
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\shell\open
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\shell\open\command
Reg HKLM\SOFTWARE\Classes\Warcraft3.Replay\shell\open\command@ "C:\Program Files\Warcraft III\\War3.exe" -loadfile "%1"
Reg HKLM\SOFTWARE\Classes\wdpfile@ Windows Media Photo
Reg HKLM\SOFTWARE\Classes\wdpfile@FriendlyTypeName @wmphoto.dll,-500
Reg HKLM\SOFTWARE\Classes\wdpfile\CLSID
Reg HKLM\SOFTWARE\Classes\wdpfile\CLSID@ {25336920-03F9-11cf-8FD0-00AA00686F13}
Reg HKLM\SOFTWARE\Classes\wdpfile\shell
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\print
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\print\command
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\print\command@ rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\print\DropTarget
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\print\DropTarget@Clsid {60FD46DE-F830-4894-A628-6FA81BC0190D}
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\printto
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\printto\command
Reg HKLM\SOFTWARE\Classes\wdpfile\shell\printto\command@ rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4"

---- EOF - GMER 1.0.14 ----
#24
August 10th, 2008, 12:05 AM
skiniemini
Reglooks Results:

REGLOOKS logfile

version 0.977
Sat 08/09/2008 15:23:11.53
running from: "F:\Documents and Settings\Mason\Desktop"

--- SSODL regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found


--- STS regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found


--- USERINIT regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="F:\\WINDOWS\\system32\\userinit.exe,"


--- SHELL regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"


--- SYSTEM regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""


--- APPINIT_DLLS regkey ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""


--- NOTIFY regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found


--- RUN / LOAD regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"load"=""


--- BOOTEXECUTE regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0


--- SHELLEXECUTEHOOKS regkey ---

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


--- AUTORUN regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
"AutoRun"=""


--- HKLM\Run regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE F:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"ISUSPM"="\"F:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"NeroFilterCheck"="F:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Program Files\\Nero 8\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"SiteAdvisor"="\"F:\\Program Files\\SiteAdvisor\\6261\\SiteAdv.exe\""
"McENUI"="F:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe /hide"
"mcagent_exe"="F:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"McAfee Backup"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"
"MBkLogOnHook"="F:\\Program Files\\McAfee\\MBK\\LogOnHook.exe"
"itype"="\"F:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"IntelliPoint"="\"F:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"F:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"F:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"AppleSyncNotifier"="F:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


--- HKLM\RunOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
[RunOnce\ApprovedByRegRun2]
[RunOnce\ApprovedByRegRun2\AntiRepl]
[RunOnce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Target"="\\??\\F:\\WINDOWS\\TEMP\\003604~1.EXE"
"Source"=""
[RunOnce\ApprovedByRegRun2\AntiRepl\1]
"Operation"=dword:00000001
"Target"="\\??\\F:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\McAfee\\MSC\\Updates\\Installs\\1\\msk\\mcinst.exe"
"Source"=""
[RunOnce\ApprovedByRegRun2\AntiRepl\2]
"Operation"=dword:00000001
"Target"="\\??\\F:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\McAfee\\MSC\\Updates\\Installs\\1\\msk\\mcinst.exe"
"Source"=""
[RunOnce\ApprovedByRegRun2\AntiRepl\3]
"Operation"=dword:00000001
"Target"="\\??\\F:\\DOCUME~1\\Mason\\LOCALS~1\\Temp\\A~NSISu_.exe"
"Source"=""
[RunOnce\ApprovedByRegRun2\AntiRepl\4]
"Operation"=dword:00000000
"Target"="\\??\\F:\\WINDOWS\\system32\\DllCache\\usb8023.sys"
"Source"="\\??\\F:\\WINDOWS\\system32\\DllCache\\SETACF.tmp"
[RunOnce\ApprovedByRegRun2\AntiRepl\5]
"Operation"=dword:00000000
"Target"="\\??\\F:\\WINDOWS\\system32\\DllCache\\rndismp.sys"
"Source"="\\??\\F:\\WINDOWS\\system32\\DllCache\\SETAD0.tmp"
[RunOnce\ApprovedByRegRun2\AntiRepl\6]
"Operation"=dword:00000001
"Target"="\\??\\F:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\McAfee\\MSC\\Updates\\Installs\\1\\msk\\mcinst.exe"
"Source"=""
[RunOnce\ApprovedByRegRun2\AntiRepl\7]
"Operation"=dword:00000001
"Target"="F:\\WINDOWS\\SYSTEM32\\TCEXFST.SYS"
"Source"=""


--- HKLM\RunOnceEx regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found


--- HKLM\RunServices regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKLM RunServices keys found


--- HKLM\RunServicesOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist


--- HKCU\Run regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"F:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"MsnMsgr"="\"F:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"AllToTray"="F:\\PROGRA~1\\ALLTOT~1\\ALLTOT~1.EXE"
"Mini-XP"="F:\\Documents and Settings\\Mason\\Local Settings\\Temporary Internet Files\\Content.IE5\\4CG9BU6E\\Mini-XP.exe"
"Vidalia"="\"F:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe\""
"H/PC Connection Agent"="\"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"WinMinimizer"="E:\\WMinimizer\\WindowMinimizer.exe"


--- HKCU\RunOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found


--- HKCU\RunOnceEx regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist


--- HKCU\RunServices regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKCU RunServices keys found


--- HKCU\RunServicesOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
regkey does not exist


--- HKU\.DEFAULT\Run regkeys - Default user ---

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\.DEFAULT\Run keys found


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-18\Run keys found


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-19\Run keys found


--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-20\Run keys found


--- HKLM\Explorer\Run regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist


--- HKCU\Explorer\Run regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
regkey does not exist


--- Image File Execution regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{089FD14D-132B-48FC-8861-0048AE113215}" FILE ="F:\\Program Files\\SiteAdvisor\\6261\\SiteAdv.dll"
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" FILE ="F:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll"
"{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}" FILE ="f:\\PROGRA~1\\mcafee\\msk\\mcapbho.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="F:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll"
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" FILE ="F:\\Program Files\\McAfee\\VirusScan\\scriptsn.dll"
"{7E853D72-626A-48EC-A868-BA8D5E23E045}" regkey not found (ERROR)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}" FILE ="F:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll"


--- TOOLBAR regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" FILE ="F:\\Program Files\\SiteAdvisor\\6261\\SiteAdv.dll"


--- URLSEARCHHOOKS regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found


--- SRCEENSAVER regkey ---

HKEY_CURRENT_USER\Control Panel\Desktop
"SCRNSAVE.EXE"="F:\\WINDOWS\\system32\\logon.scr"


--- CONTEXTMENUHANDLERS regkeys ---

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"Cover Designer" CLSID ={73FCA462-9BD5-4065-A73F-A8E5F6904EF7} FILE ="C:\\Program Files\\Nero 8\\Nero\\Nero8\\Nero CoverDesigner\\CoverEdExtension.dll"
"Macromedia.FlashPaper.ContextMenu" CLSID ={9DED7A30-D572-4D21-8D82-6945EA697400} FILE ="F:\\Program Files\\Macromedia\\FlashPaper 2\\FlashPaperContextMenu.dll"
"McCtxMenu" CLSID ={01576F39-90DE-4D6E-A068-5B20C22BAAEE} FILE ="f:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcctxmnu.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRar\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRar\\rarext.dll"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"MBAMShlExt" CLSID ={57CE581A-0CB6-4266-9CA0-19364C90A0B3} FILE ="F:\\Program Files\\Malwarebytes' Anti-Malware\\mbamext.dll"
"McCtxMenu" CLSID ={01576F39-90DE-4D6E-A068-5B20C22BAAEE} FILE ="f:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcctxmnu.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRar\\rarext.dll"


--- ALTERNATESHELL regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
mcmscsvc


--- SAFEBOOT NETWORK SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
mcmscsvc
MpfService


--- SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AN983
"DisplayName"="ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter"
system32\DRIVERS\AN983.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBackMonitor
"DisplayName"="MBackMonitor"
F:\Program Files\McAfee\MBK\MBackMonitor.exe

"DisplayName"="Nero BackItUp Scheduler 3"
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHook_ControlCenter
"DisplayName"="ArtOfPing ControlCenter"
\??\F:\Program Files\PingFu Iris\ControlCenter.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHook_Interceptor
"DisplayName"="ArtOfPing TDI Interceptor"
\??\F:\Program Files\PingFu Iris\Interceptor.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PAC7311
"DisplayName"="VGA SoC PC-Camera"
system32\DRIVERS\PA707UCM.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pgfilter
"DisplayName"="pgfilter"
\??\C:\Program Files\PeerGuardian2\pgfilter.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PLFlash DeviceIoControl Service
"DisplayName"="PLFlash DeviceIoControl Service"
F:\WINDOWS\system32\IoctlSvc.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Point32
"DisplayName"="Microsoft IntelliPoint Filter Driver"
system32\DRIVERS\point32.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viamraid
system32\DRIVERS\viamraid.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{175D649A-F8CB-4995-A0BF-B1062C91EBA6}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BACC8523-717B-4969-926A-031F23F24D75}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BC3C0ECC-F883-4496-8A9F-6AA7757AE79C}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D6712ECB-3827-4F90-82CC-BBEACDD61636}
no imagepath value found


--- SECURITYPROVIDERS regkey ---

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"


--- SVCHOST regkey ---

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
WudfServiceGroup: WUDFSvc\0\0


--- WOW-CMDLINE regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- DNS SERVER regkeys ---

no "NameServer" values found


--- STARTUP FOLDERS ---

F:\Documents and Settings\Mason\Start Menu\Programs\Startup\desktop.ini
F:\Documents and Settings\Mason\Start Menu\Programs\Startup\Shortcut to BNUBot.lnk
F:\Documents and Settings\Mason\Start Menu\Programs\Startup\Shortcut to l2uthless Ops.lnk
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to pg2.lnk
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk


--- TASK SCHEDULER JOBS ---

F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\McDefragTask.job
F:\WINDOWS\tasks\McQcTask.job


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1" %*)
.SCR files: ("%1" %*)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


FINISHED
#25
August 10th, 2008, 12:06 AM
skiniemini
Here are the locations of the files I listed earlier:

atsxyzd.sys = F:\WINDOWS\system32\atsxyzd.sys

tcexfst.sys = F:\WINDOWS\system32\tcexfst.sys

msudf.exe = F:\WINDOWS\system32\msudf.exe

Nobicyt.exe = F:\WINDOWS\system32\Nobicyt.exe

sytsyctd.sys = F:\WINDOWS\system32\sytsyctd.sys
#26
August 10th, 2008, 01:40 AM
Jintan (Cyber Tech Help Moderator)
That's a good shopping list for us to use now. The Gmer log is unusual, but lately logs where McAfee's Intrusion Detection has been monitoring processes have all been. But in that, something also appears to be monitoring McAfee, which is likely the hidden service we are about to remove.


Did you create these user accounts? The second refers to a "small business server" setup account, for working on remote systems.

Mason.LANDRY2 (new local, admin)
__sbs_netsetup__ (new local, admin)


I don't see this software installed there, and by the looks of the items these logs show it addressing that is probably a good thing:

RunOnce\ApprovedByRegRun2

Under those are both good and bad items, so it was either removing, or approving, all of those as one grouping. CTH doesn't have a "thumbs down" icon, but just picture that placed here for RegRun software.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe


Also these, if you did not set them yourself:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local


And this is allowing a proxy connection with a server from Reliance Communications in India. Only remove this with HijackThis if again you did not set it yourself, or have no knowledge of why the setting is there:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128

----------------------------------

Download The Avenger by Swandog from here and save it to your Desktop.

Disconnect from net access, close all open programs and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.

Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.


Code:
Begin copying here:
Drivers to delete:
AFinding
perfmons
Routing
WServing
msmsnkd
NOBICYT
Files to delete:
F:\WINDOWS\system32\atsxyzd.sys
F:\WINDOWS\system32\tcexfst.sys
F:\WINDOWS\system32\msudf.exe
F:\WINDOWS\system32\Nobicyt.exe
F:\WINDOWS\system32\sytsyctd.sys
Folders to delete:
F:\Documents and Settings\All Users\Application Data\TEMP

Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.

----------------------------

Then reconnect to net access and Go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please.

-------------------------------------

Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes.

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post that along with the Avenger log and the Kaspersky log please.



And I would like to check those files Avenger just removed.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Then go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select the file on your computer.

C:\avenger\backup.zip

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.
  #27  
Old August 10th, 2008, 03:08 PM
skiniemini skiniemini is offline
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Avenger results:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at F:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AFinding" not found!
Deletion of driver "AFinding" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\perfmons" not found!
Deletion of driver "perfmons" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Routing" not found!
Deletion of driver "Routing" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\WServing" not found!
Deletion of driver "WServing" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "msmsnkd" deleted successfully.
Driver "NOBICYT" deleted successfully.
File "F:\WINDOWS\system32\atsxyzd.sys" deleted successfully.
File "F:\WINDOWS\system32\tcexfst.sys" deleted successfully.
File "F:\WINDOWS\system32\msudf.exe" deleted successfully.
File "F:\WINDOWS\system32\Nobicyt.exe" deleted successfully.
File "F:\WINDOWS\system32\sytsyctd.sys" deleted successfully.
Folder "F:\Documents and Settings\All Users\Application Data\TEMP" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
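As an added example (not part of this thread and not Avenger's own code), the Python below reconciles the Avenger script given above with the log it produced: every requested deletion is paired with what the log reports, so you can see at a glance which items were removed, which failed and with what NTSTATUS name (here STATUS_OBJECT_NAME_NOT_FOUND for service keys that no longer exist), and which the log never mentions at all. The embedded SCRIPT and LOG are copied from the two posts above and trimmed; the failure line format for files and folders is assumed to mirror the driver one, since only driver failures appear in the thread.

```python
"""Added example (not Avenger's own code): reconcile an Avenger removal
script with the log Avenger wrote; SCRIPT and LOG are trimmed from the posts above."""
import re

# Avenger script section headers and the object type the log names for them.
SECTION_TYPES = {
    "drivers to delete:": "Driver",
    "files to delete:": "File",
    "folders to delete:": "Folder",
}

SUCCESS_RE = re.compile(r'^(Driver|File|Folder) "(.+)" deleted successfully\.$')
# Only driver failures appear in the thread; the file/folder line shape is assumed.
FAILURE_RE = re.compile(r'^Deletion of (driver|file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def parse_script(script_text):
    """Return the requested deletions as an ordered list of (type, name)."""
    requested, current = [], None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTION_TYPES:
            current = SECTION_TYPES[line.lower()]
        elif current is not None:
            requested.append((current, line))
    return requested


def parse_log(log_text):
    """Map (type, name) -> ('deleted', None) or ('failed', NTSTATUS name)."""
    results, pending = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SUCCESS_RE.match(line):
            results[(m.group(1), m.group(2))] = ("deleted", None)
        elif m := FAILURE_RE.match(line):
            # The 'Status:' line that follows belongs to this failure.
            pending = (m.group(1).capitalize(), m.group(2))
            results[pending] = ("failed", "unknown")
        elif (m := STATUS_RE.match(line)) and pending is not None:
            results[pending] = ("failed", m.group(2))
            pending = None
    return results


def reconcile(script_text, log_text):
    """Return [(type, name, outcome, detail)] for every requested deletion.

    outcome is 'deleted', 'failed' or 'unreported'; an unreported item was
    never mentioned by the log and should be rechecked, not assumed gone.
    """
    results = parse_log(log_text)
    return [
        (kind, name) + results.get((kind, name), ("unreported", None))
        for kind, name in parse_script(script_text)
    ]


SCRIPT = r"""
Drivers to delete:
AFinding
perfmons
Routing
WServing
msmsnkd
NOBICYT
Files to delete:
F:\WINDOWS\system32\atsxyzd.sys
F:\WINDOWS\system32\tcexfst.sys
F:\WINDOWS\system32\msudf.exe
F:\WINDOWS\system32\Nobicyt.exe
F:\WINDOWS\system32\sytsyctd.sys
Folders to delete:
F:\Documents and Settings\All Users\Application Data\TEMP
"""

# Trimmed log: WServing's block is left out to show the 'unreported' case.
LOG = r"""
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AFinding" not found!
Deletion of driver "AFinding" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Deletion of driver "perfmons" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of driver "Routing" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Driver "msmsnkd" deleted successfully.
Driver "NOBICYT" deleted successfully.
File "F:\WINDOWS\system32\atsxyzd.sys" deleted successfully.
File "F:\WINDOWS\system32\tcexfst.sys" deleted successfully.
File "F:\WINDOWS\system32\msudf.exe" deleted successfully.
File "F:\WINDOWS\system32\Nobicyt.exe" deleted successfully.
File "F:\WINDOWS\system32\sytsyctd.sys" deleted successfully.
Folder "F:\Documents and Settings\All Users\Application Data\TEMP" deleted successfully.
"""

if __name__ == "__main__":
    for kind, name, outcome, detail in reconcile(SCRIPT, LOG):
        print(f"{outcome:10} {kind:6} {name}" + (f"  [{detail}]" if detail else ""))
```

A driver that fails with STATUS_OBJECT_NAME_NOT_FOUND was most likely already removed by an earlier step (here HijackThis or Malwarebytes), which is why the helper asks for the log rather than trusting that the script ran.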
  #28  
Old August 10th, 2008, 03:09 PM
skiniemini skiniemini is offline
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Main.txt results (dss):

Deckard's System Scanner v20071014.68
Run by Mason on 2008-08-10 07:01:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:42 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\McAfee\MBK\MBackMonitor.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\Program Files\SiteAdvisor\6261\SAService.exe
F:\WINDOWS\System32\PAStiSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\PeerGuardian2\pg2.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Mason\desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9703 bytes

-- HijackThis Fixed Entries (F:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080809-180922-124 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
backup-20080809-180922-478 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
backup-20080809-180922-626 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080809-180922-658 O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
backup-20080809-180922-724 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
backup-20080809-180922-793 O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
backup-20080809-180922-836 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
backup-20080809-180922-846 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080809-180922-925 O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe
backup-20080809-180922-991 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 catchme - f:\docume~1\mason\locals~1\temp\catchme.sys (file missing)
S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing)
S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-07 21:01:50 0 d-------- F:\Documents and Settings\Mason\Application Data\Malwarebytes
2008-08-07 21:01:34 0 d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 21:01:33 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:38:02 0 d-------- F:\WINDOWS\ERUNT
2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro
2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6
2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator
2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss
2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics
2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick
2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages
2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient
2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync
2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing
2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla
2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing
2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia
2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe
2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee
2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero
2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor
2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood
2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites
2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop
2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2
  #29  
Old August 10th, 2008, 03:09 PM
skiniemini skiniemini is offline
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
Continued from last post:

\Application Data
2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft
2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp
2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync
2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight
2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive
2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA
2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod
2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft
2008-07-13 23:26:50 0 d-------- F:\Documents and Settings\Mason\Application Data\WinRAR
2008-07-13 23:05:11 0 d-------- F:\Documents and Settings\LocalService\Application Data\McAfee
2008-07-13 23:04:27 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Templates
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Start Menu
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\SendTo
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Recent
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\PrintHood
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\NetHood
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\My Documents
2008-07-13 23:03:13 0 d--h----- F:\Documents and Settings\__sbs_netsetup__\Local Settings
2008-07-13 23:03:13 0 dr------- F:\Documents and Settings\__sbs_netsetup__\Favorites
2008-07-13 23:03:13 0 d-------- F:\Documents and Settings\__sbs_netsetup__\Desktop
2008-07-13 23:03:13 0 d--hs---- F:\Documents and Settings\__sbs_netsetup__\Cookies
2008-07-13 23:03:13 0 dr-h----- F:\Documents and Settings\__sbs_netsetup__\Application Data
2008-07-13 23:03:13 0 d---s---- F:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
2008-07-13 23:03:12 2097152 --ah----- F:\Documents and Settings\__sbs_netsetup__\ntuser.dat
2008-07-13 22:32:58 0 d-------- F:\WINDOWS\SchCache
2008-07-13 20:59:28 0 d-------- F:\Program Files\Microsoft.NET
2008-07-13 20:58:51 0 d-------- F:\Program Files\Common Files\Merge Modules
2008-07-13 20:58:50 0 d-------- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-13 20:57:14 0 d-------- F:\Program Files\Microsoft SDKs
2008-07-13 20:22:48 0 d-------- F:\Program Files\MSBuild
2008-07-13 20:22:39 0 d-------- F:\WINDOWS\system32\XPSViewer
2008-07-13 20:22:31 0 d-------- F:\Program Files\Reference Assemblies
2008-07-13 20:16:11 0 d-------- F:\Program Files\MSXML 6.0
2008-07-13 18:11:16 0 d-------- F:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-13 13:37:51 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 13:28:04 0 d-------- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-13 13:28:02 0 d-------- F:\Program Files\DVD Shrink
2008-07-13 13:27:11 47360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:27:11 0 d-------- F:\Documents and Settings\Mason\Application Data\Vso
2008-07-13 13:27:11 47360 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-13 13:26:59 0 d-------- F:\Program Files\DVDFab 5
2008-07-13 11:49:05 0 d-------- F:\Documents and Settings\Mason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-13 00:25:13 0 --a------ F:\WINDOWS\nsreg.dat
2008-07-13 00:25:03 0 d-------- F:\Documents and Settings\Mason\Application Data\Mozilla
2008-07-12 19:03:11 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-07-12 18:16:44 0 d-------- F:\Documents and Settings\Mason\Application Data\OpenOffice.org2
2008-07-12 13:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-12 10:26:34 0 d-------- F:\Program Files\Common Files\Adobe AIR
2008-07-12 10:25:26 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-07-12 10:24:59 0 d-------- F:\Program Files\Common Files\Adobe
2008-07-12 10:22:13 0 d-------- F:\Documents and Settings\All Users\Application Data\NOS
2008-07-12 10:22:11 0 d-------- F:\Program Files\NOS
2008-07-11 22:21:07 768 --a------ F:\WINDOWS\system32\d3d8caps.dat
2008-07-11 16:26:17 0 d-------- F:\Program Files\Chat4Support Operator
2008-07-10 19:05:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Actual Tools
2008-07-10 17:55:44 0 d-------- F:\Program Files\AllToTray


-- Find3M Report ---------------------------------------------------------------

2008-08-09 18:26:34 0 d-------- F:\Program Files\McAfee
2008-08-07 13:17:23 0 d-------- F:\Documents and Settings\Mason\Application Data\uTorrent
2008-08-03 10:18:08 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-08-03 10:12:51 2528 --a------ F:\Documents and Settings\Mason\Application Data\$_hpcst$.hpc
2008-08-03 09:22:49 0 d-------- F:\Documents and Settings\Mason\Application Data\Apple Computer
2008-07-25 19:14:46 664 --a------ F:\WINDOWS\system32\d3d9caps.dat
2008-07-24 21:23:12 0 d-------- F:\Documents and Settings\Mason\Application Data\FileZilla
2008-07-14 01:07:18 0 d-------- F:\Program Files\StealthBot
2008-07-13 23:57:39 0 d-------- F:\Program Files\Common Files
2008-07-13 17:01:20 0 d-------- F:\Documents and Settings\Mason\Application Data\Adobe
2008-07-13 13:30:34 0 d-------- F:\Program Files\Apple Software Update
2008-07-13 13:27:24 34 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.log
2008-07-13 13:27:11 1144 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.inf
2008-07-13 13:27:11 7887 --a------ F:\Documents and Settings\Mason\Application Data\pcouffin.cat
2008-07-12 19:02:51 0 d-------- F:\Program Files\Java
2008-07-10 18:07:12 0 d-------- F:\Program Files\Common Files\Blizzard Entertainment
2008-07-09 23:07:21 0 d-------- F:\Program Files\Boldcenter
2008-07-08 14:55:19 0 d-------- F:\Program Files\FileZilla FTP Client
2008-07-08 14:54:23 0 d-------- F:\Program Files\IncrediFlash Intro and Banner Studio 1.2
2008-07-08 14:32:39 0 d--h----- F:\Documents and Settings\Mason\Application Data\IFLTemp
2008-07-08 13:05:23 131584 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-07-08 09:16:40 0 d-------- F:\Program Files\SourceTec
2008-07-08 09:15:51 177 --a------ F:\DelUS.bat
2008-07-08 08:31:52 0 d-------- F:\Documents and Settings\Mason\Application Data\Macromedia
2008-07-08 08:30:56 0 d-------- F:\Program Files\Common Files\Macromedia Shared
2008-07-08 08:28:15 0 d-------- F:\Program Files\Macromedia
2008-07-07 18:38:51 0 d-------- F:\Documents and Settings\Mason\Application Data\Sun
2008-07-07 18:37:00 0 d-------- F:\Program Files\Common Files\Java
2008-07-07 10:00:54 0 d-------- F:\Program Files\Windows Media Connect 2
2008-07-06 22:14:41 0 d-------- F:\Program Files\Bonjour
2008-07-06 22:14:29 0 d-------- F:\Program Files\QuickTime
2008-07-06 22:12:48 0 d-------- F:\Program Files\Common Files\Apple
2008-07-06 22:03:44 0 d-------- F:\Program Files\Common Files\PCCamera
2008-07-06 22:03:43 0 d-------- F:\Program Files\PC VGA Camera
2008-07-06 21:57:25 0 d-------- F:\Program Files\Microsoft IntelliPoint
2008-07-06 21:56:30 0 d-------- F:\Program Files\Microsoft IntelliType Pro
2008-07-06 21:36:54 0 d-------- F:\Program Files\MSXML 4.0
2008-07-06 20:53:56 0 d-------- F:\Documents and Settings\Mason\Application Data\McAfee
2008-07-06 19:48:39 0 d-------- F:\Program Files\Windows Live
2008-07-06 19:46:52 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 17:14:16 0 d-------- F:\Program Files\SiteAdvisor
2008-07-06 17:13:49 0 d-------- F:\Program Files\Common Files\McAfee
2008-07-06 17:13:26 0 d-------- F:\Documents and Settings\Mason\Application Data\SiteAdvisor
2008-07-03 17:52:10 0 d-------- F:\Program Files\McAfee.com
2008-07-03 11:18:15 0 d-------- F:\Program Files\uTorrent
2008-06-26 15:07:12 0 d-------- F:\Documents and Settings\Mason\Application Data\Ahead
2008-06-26 14:08:08 0 d-------- F:\Program Files\NeroInstall.bak
2008-06-26 14:06:14 0 d-------- F:\Documents and Settings\Mason\Application Data\Nero
2008-06-26 14:04:41 0 d-------- F:\Program Files\Common Files\Nero
2008-06-25 20:48:10 0 d-------- F:\Documents and Settings\Mason\Application Data\Identities
2008-06-25 20:25:49 0 d-------- F:\Program Files\Wal-Mart Music Downloads Store
2008-06-25 20:25:41 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-25 19:35:31 0 d-------- F:\Program Files\VIA
2008-06-25 19:34:23 0 d-------- F:\Program Files\Realtek Sound Manager
2008-06-25 19:34:23 0 d-------- F:\Program Files\AvRack
2008-06-25 19:33:22 0 d-------- F:\Program Files\AMD
2008-06-25 19:11:35 0 d-------- F:\Program Files\TechTracker
2008-06-25 18:33:57 0 d-------- F:\Program Files\Realtek
2008-06-25 18:33:50 315392 --a------ F:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-25 18:28:14 0 d-------- F:\Program Files\SystemRequirementsLab
2008-06-25 17:52:57 0 d-------- F:\Program Files\Messenger
2008-06-25 17:17:44 0 d-------- F:\Program Files\Microsoft Windows Small Business Server
2008-06-25 16:32:34 0 d-------- F:\Program Files\microsoft frontpage
2008-06-25 16:29:54 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-25 16:29:48 0 d-------- F:\Program Files\Online Services
2008-06-25 16:28:57 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-25 16:28:48 0 d-------- F:\Program Files\Movie Maker
2008-06-25 16:27:49 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-25 16:26:56 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-25 16:26:47 0 d-------- F:\Program Files\Windows NT
2008-06-25 10:14:41 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-25 10:14:38 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-25 10:14:09 62 --ahs---- F:\Documents and Settings\Mason\Application Data\desktop.ini
2008-05-16 14:01:00 1630208 --a------ F:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ F:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ F:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ F:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ F:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ F:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ F:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ F:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ f:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM F:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 04:20 AM F:\WINDOWS\SOUNDMAN.EXE]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"SiteAdvisor"="F:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 05:12 PM]
"McENUI"="F:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"McAfee Backup"="F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="F:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 07:08 PM]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 05:52 PM]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"AppleSyncNotifier"="F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"AllToTray"="F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE" []
"Mini-XP"="F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe" []
"H/PC Connection Agent"="F:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Shortcut to pg2.lnk - C:\Program Files\PeerGuardian2\pg2.exe [1/12/2007 8:23:44 PM]
VIA RAID TOOL.lnk - F:\Program Files\VIA\RAID\raid_tool.exe [6/25/2008 7:35:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

-- Hosts -----------------------------------------------------------------------


8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-10 07:02:40 ------------
  #30  
Old August 10th, 2008, 03:11 PM
skiniemini skiniemini is offline
Senior Member
 
Join Date: Aug 2008
O/S: Windows 7 32-bit
Posts: 163
I have posted it on that website.