البرنامج الأول
ComboFix 09-04-19.01 - asus 04/19/2009 1:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.3071.2693 [GMT 3:00]
Running from: c:\documents and settings\asus\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-18 22:37 . 2009-04-18 22:37 63 ----a-w c:\windows\AlfaStart.CMD
2009-04-18 22:37 . 2009-04-18 22:37 188 ----a-w c:\windows\StartClean.cmd
2009-04-18 22:37 . 2009-04-18 22:37 1543 ----a-w c:\windows\AlfaRun.cmd
2009-04-18 21:52 . 2009-04-18 22:33 1823 ----a-w c:\windows\system32\win
2009-04-18 21:07 . 2009-04-18 22:36 1546884 --sha-r C:\winfile.jpg
2009-04-18 19:20 . 2009-04-18 22:35 1546884 --sha-r c:\windows\system32\winjpg.jpg
2009-04-18 14:38 . 2009-04-18 14:39 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-18 14:38 . 2009-04-18 14:38 -------- d-----w c:\windows\system32\LogFiles
2009-04-17 21:59 . 2009-04-17 21:59 -------- d-sh--w c:\documents and settings\asus\IECompatCache
2009-04-17 21:59 . 2009-04-17 21:59 -------- d-sh--w c:\documents and settings\asus\PrivacIE
2009-04-17 21:58 . 2009-04-17 21:58 -------- d-sh--w c:\documents and settings\asus\IETldCache
2009-04-17 21:57 . 2009-04-17 21:57 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-17 21:48 . 2009-04-17 21:48 -------- d--h--w c:\windows\msdownld.tmp
2009-04-17 21:48 . 2009-04-17 21:48 -------- d-----w c:\windows\ie8updates
2009-04-17 21:46 . 2009-04-17 21:47 -------- dc-h--w c:\windows\ie8
2009-04-17 21:46 . 2009-04-17 21:47 -------- d-----w c:\windows\system32\ar-SA
2009-04-17 13:15 . 2009-04-17 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-17 01:31 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-16 01:03 . 2009-04-16 01:03 -------- d-----w c:\documents and settings\asus\DoctorWeb
2009-04-16 00:58 . 2009-04-16 00:58 -------- d-----w c:\documents and settings\asus\Application Data\QuickScan
2009-04-15 01:45 . 2009-04-15 01:45 53907 ----a-w c:\windows\system32\ASTULog.cab
2009-04-15 01:45 . 2009-04-15 01:45 283 ----a-w c:\windows\system32\setup.rpt
2009-04-15 01:45 . 2009-04-15 01:45 1045 ----a-w c:\windows\system32\setup.inf
2009-04-15 01:45 . 2009-04-15 01:45 -------- d-----w c:\windows\ASTULogTemp
2009-04-15 01:02 . 2005-10-21 01:47 12800 ------w c:\windows\system32\drivers\usb8023x.sys
2009-04-15 01:02 . 2005-10-21 01:47 30592 ------w c:\windows\system32\drivers\rndismpx.sys
2009-04-14 14:34 . 2009-04-17 17:39 -------- d-----w C:\OutputFolder
2009-04-14 14:08 . 2009-04-18 05:13 -------- d---a-w C:\PrimerDB
2009-04-14 13:53 . 2009-04-14 13:53 373 ----a-w c:\windows\ODBC.INI
2009-04-14 13:52 . 2007-04-09 10:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-04-14 13:48 . 2009-04-14 13:51 -------- d-----w c:\windows\SHELLNEW
2009-04-14 10:54 . 2009-04-14 10:54 -------- d-----w c:\documents and settings\asus\Local Settings\Application Data\Identities
2009-04-14 07:19 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-14 04:07 . 2009-04-14 04:07 -------- d-----w c:\documents and settings\asus\Local Settings\Application Data\Ahead
2009-04-14 02:08 . 2009-04-14 02:08 -------- d-----w c:\documents and settings\asus\Application Data\Datalayer
2009-04-14 00:25 . 2009-04-17 13:26 -------- d-sh--w c:\documents and settings\asus\Phone Browser
2009-04-14 00:20 . 2009-04-14 00:20 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-13 23:00 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-04-13 23:00 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-13 23:00 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-04-13 23:00 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-13 23:00 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-04-13 23:00 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-13 23:00 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-13 22:57 . 2004-08-03 20:08 25600 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-13 22:57 . 2004-08-03 20:08 25600 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-13 22:55 . 2009-04-13 22:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-13 22:55 . 2009-04-13 22:55 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-13 22:52 . 2009-04-13 23:49 -------- d-----w c:\documents and settings\asus\Application Data\Nokia
2009-04-13 22:52 . 2009-04-13 22:52 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-13 22:52 . 2009-04-14 02:08 -------- d-----w c:\documents and settings\asus\Application Data\PC Suite
2009-04-13 22:51 . 2006-10-10 05:54 12800 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-04-13 22:51 . 2009-04-13 22:52 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-13 22:51 . 2008-05-02 07:58 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-13 22:50 . 2009-04-13 22:50 -------- d-----w c:\windows\system32\VirtualExpander
2009-04-13 20:35 . 2009-04-18 10:31 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 20:25 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-13 20:25 . 2008-10-16 11:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-13 20:25 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-12 14:00 . 2009-04-18 22:33 69 ----a-w c:\windows\NeroDigital.ini
2009-04-12 13:51 . 2009-04-13 22:35 -------- d-----w c:\documents and settings\asus\Application Data\BSplayer
2009-04-12 13:51 . 2009-04-12 13:51 -------- d-----w c:\documents and settings\asus\Application Data\BSplayer Pro
2009-04-12 13:30 . 2009-04-12 13:30 0 ----a-w c:\windows\nsreg.dat
2009-04-12 13:30 . 2009-04-12 13:30 -------- d-----w c:\documents and settings\asus\Local Settings\Application Data\Mozilla
2009-04-12 13:26 . 2009-04-18 22:49 -------- d-----w c:\documents and settings\asus\Application Data\DMCache
2009-04-12 13:26 . 2009-04-18 22:23 -------- d-----w c:\documents and settings\asus\Application Data\IDM
2009-04-12 05:35 . 2001-09-18 11:03 175104 -c--a-w c:\windows\system32\dllcache\csamsp.dll
2009-04-12 05:35 . 2001-09-18 11:03 175104 ----a-w c:\windows\system32\csamsp.dll
2009-04-12 05:35 . 2001-08-17 10:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-04-12 05:35 . 2001-08-17 10:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-04-12 05:27 . 2008-03-28 10:47 54824 ------w c:\windows\system32\agrsmdel.exe
2009-04-12 05:27 . 2009-04-12 05:27 -------- d-----w c:\windows\Options
2009-04-12 05:27 . 2008-03-28 10:47 54824 ----a-w c:\windows\agrsmdel.exe
2009-04-12 05:27 . 2008-03-21 09:13 1203776 ----a-w c:\windows\system32\drivers\AGRSM.sys
2009-04-12 05:27 . 2008-03-18 09:27 13312 ----a-w c:\windows\system32\agrsmsvc.exe
2009-04-12 05:27 . 2007-12-11 09:40 13312 ------w c:\windows\system32\agrscoin.dll
2009-04-12 02:22 . 2009-04-12 02:22 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-12 02:22 . 2009-04-12 02:22 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-12 02:22 . 2009-04-12 02:22 -------- d-----w c:\windows\system32\Lang
2009-04-12 02:16 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-12 02:16 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-04-12 02:16 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\MSVCR71.dll
2009-04-12 02:15 . 2009-04-12 02:15 -------- d--h--w C:\ASUS.000
2009-04-12 02:15 . 2009-04-12 02:15 -------- d--h--w C:\ASUS.SYS
2009-04-12 02:13 . 2009-04-11 20:06 -------- d-----w c:\windows\system32\RTCOM
2009-04-12 02:12 . 2004-08-03 20:08 60288 -c--a-w c:\windows\system32\dllcache\drmk.sys
2009-04-12 02:12 . 2004-08-03 20:08 60288 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-12 02:12 . 2009-01-07 15:20 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-12 02:10 . 2009-04-11 19:25 4814371 ----a-w c:\windows\ASUS Camera ScreenSaver.exe
2009-04-12 02:10 . 2009-04-11 19:25 47672 ----a-w c:\windows\AsScrProlog.exe
2009-04-12 02:10 . 2009-04-11 19:25 281144 ----a-w c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2009-04-12 02:10 . 2009-04-11 19:25 520192 ----a-w c:\windows\system32\Asus_Camera_ScreenSaver.scr
2009-04-12 02:06 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-12 01:52 . 2009-04-12 01:52 -------- d-----w c:\windows\Cache
2009-04-12 01:50 . 2009-04-15 01:32 135 ----a-w c:\windows\cdplayer.ini
2009-04-12 01:47 . 2009-04-14 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-12 00:48 . 2009-04-16 10:41 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-11 23:33 . 2009-02-09 11:48 2137600 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-11 23:33 . 2009-02-09 11:48 2182016 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-11 23:33 . 2009-02-09 11:48 2017280 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-11 23:33 . 2009-02-09 11:48 2059264 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-11 23:15 . 2008-06-14 17:59 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-11 23:15 . 2008-06-14 17:59 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-04-11 22:47 . 2009-04-11 22:47 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-04-11 22:34 . 2009-04-11 22:34 -------- d-sh--w c:\documents and settings\asus\UserData
2009-04-11 22:34 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-11 22:20 . 2009-04-17 21:47 -------- d--h--w c:\windows\$hf_mig$
2009-04-11 22:03 . 2009-04-12 00:02 -------- d-----w c:\documents and settings\asus\Application Data\CyberLink
2009-04-11 22:01 . 2009-04-18 22:35 -------- d-----w c:\documents and settings\asus\Tracing
2009-04-11 22:00 . 2007-03-22 18:28 1053232 ------w c:\windows\system32\MFC71u.dll
2009-04-11 21:51 . 2009-04-18 22:35 185449 ----a-w c:\windows\system32\nvapps.xml
2009-04-11 21:51 . 2009-04-12 02:21 -------- d-----w c:\windows\nview
2009-04-11 21:51 . 2008-09-19 08:28 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-11 21:51 . 2008-09-19 08:28 18394 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-11 21:51 . 2008-10-09 05:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-11 21:49 . 2008-09-19 08:28 8777728 ----a-w c:\windows\system32\nvoglnt.dll
2009-04-11 21:39 . 2009-04-14 10:35 1555 ----a-w c:\windows\ata live update.ini
2009-04-11 21:29 . 2004-03-02 13:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-04-11 21:29 . 2004-03-02 13:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-04-11 21:29 . 2004-07-26 13:16 476320 ------w c:\windows\system32\ImagXpr7.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 22:43 . 2001-09-19 12:00 58920 ----a-w c:\windows\system32\perfc001.dat
2009-04-18 22:43 . 2001-09-19 12:00 328690 ----a-w c:\windows\system32\perfh001.dat
2009-04-18 22:33 . 2009-04-18 22:23 531 ----a-w C:\rapport.txt
2009-04-18 22:32 . 2009-04-18 22:32 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-04-18 17:38 . 2009-04-18 17:38 -------- d-----w c:\program files\Abdullah AlZaid
2009-04-18 17:34 . 2009-04-11 21:57 -------- d-----w c:\program files\Windows Live
2009-04-18 17:33 . 2009-04-18 17:33 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-18 14:40 . 2009-04-18 14:40 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\xing shared
2009-04-17 23:12 . 2009-04-12 01:50 -------- d-----w c:\program files\Common Files\Real
2009-04-16 14:26 . 2009-04-16 14:26 -------- d-----w c:\program files\TGTSoft
2009-04-16 01:15 . 2009-04-16 01:15 2678 ----a-w c:\windows\java\Packages\Data\7HZLBNXZ.DAT
2009-04-16 01:15 . 2009-04-16 01:15 2678 ----a-w c:\windows\java\Packages\Data\9FXRVRJJ.DAT
2009-04-16 01:15 . 2009-04-16 01:15 2678 ----a-w c:\windows\java\Packages\Data\OCG3XBJ7.DAT
2009-04-16 01:15 . 2009-04-16 01:15 2678 ----a-w c:\windows\java\Packages\Data\A82Q4NXN.DAT
2009-04-16 01:15 . 2009-04-16 01:15 2678 ----a-w c:\windows\java\Packages\Data\Y7DBBRBP.DAT
2009-04-15 02:17 . 2009-04-15 01:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-15 01:55 . 2009-04-15 01:55 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-15 01:45 . 2009-04-15 01:45 216 ----a-w C:\ASLog.txt
2009-04-15 00:59 . 2009-04-15 00:59 -------- d-----w c:\program files\Windows Mobile Device Handbook
2009-04-14 18:18 . 2009-04-14 18:18 552 ----a-w C:\TID28atsonline.log
2009-04-14 18:18 . 2009-04-14 14:09 3312 ----a-w C:\atsonline.log
2009-04-14 18:07 . 2009-04-14 18:07 552 ----a-w C:\TID27atsonline.log
2009-04-14 17:22 . 2009-04-14 17:22 552 ----a-w C:\TID12atsonline.log
2009-04-14 17:11 . 2009-04-14 17:11 552 ----a-w C:\TID11atsonline.log
2009-04-14 17:00 . 2009-04-14 17:00 552 ----a-w C:\TID10atsonline.log
2009-04-14 15:07 . 2009-04-11 20:55 74968 ----a-w c:\documents and settings\asus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 14:33 . 2009-04-14 14:33 -------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-04-14 14:09 . 2009-04-14 13:33 -------- d-----w c:\program files\MagicISO
2009-04-14 14:09 . 2009-04-14 14:09 552 ----a-w C:\TID8atsonline.log
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\program files\NCC Education
2009-04-14 14:07 . 2009-04-11 20:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 13:47 . 2009-04-14 13:47 -------- d-----w c:\program files\Microsoft.NET
2009-04-14 13:40 . 2009-04-14 13:40 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-14 13:40 . 2009-04-14 13:40 -------- d-----w c:\program files\UltraISO
2009-04-14 07:20 . 2009-04-14 07:20 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-13 23:17 . 2009-04-13 23:17 -------- d-----w c:\program files\Cirle Developement
2009-04-13 23:17 . 2009-04-13 23:17 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-13 23:08 . 2009-04-12 13:26 -------- d-----w c:\program files\Internet Download Manager
2009-04-13 22:52 . 2009-04-13 22:52 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-13 22:52 . 2009-04-13 22:52 -------- d-----w c:\program files\Common Files\Nokia
2009-04-13 22:52 . 2009-04-13 22:51 -------- d-----w c:\program files\Nokia
2009-04-13 22:52 . 2009-04-13 22:52 -------- d-----w c:\program files\DIFX
2009-04-13 22:52 . 2009-04-13 22:52 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-13 20:36 . 2009-04-13 20:36 -------- d-----w c:\program files\GetData
2009-04-12 13:54 . 2009-04-12 13:51 -------- d-----w c:\program files\BS.Player ControlBar
2009-04-12 13:51 . 2009-04-12 13:51 -------- d-----w c:\program files\Webteh
2009-04-12 04:41 . 2009-04-12 04:41 -------- d-----w c:\program files\Atheros
2009-04-12 04:41 . 2009-04-12 04:40 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-04-12 02:16 . 2009-04-12 02:16 -------- d-----w c:\program files\Alwil Software
2009-04-12 02:15 . 2008-03-11 12:10 46 ---ha-w C:\splash.idx
2009-04-12 02:14 . 2009-04-12 02:14 -------- d-----w c:\program files\Downloaded Installations
2009-04-12 01:50 . 2009-04-12 01:50 -------- d-----w c:\program files\Real
2009-04-12 01:47 . 2009-04-11 21:25 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 00:01 . 2009-04-12 00:01 -------- d-----w c:\program files\MSXML 6.0
2009-04-11 22:24 . 2009-04-11 20:58 -------- d-----w c:\program files\ASUS
2009-04-11 22:00 . 2009-04-11 22:00 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-11 22:00 . 2009-04-12 01:47 -------- d-----w c:\program files\CyberLink
2009-04-11 21:58 . 2009-04-11 21:58 -------- d-----w c:\program files\Microsoft
2009-04-11 21:34 . 2009-04-11 21:34 -------- d-----w c:\program files\Realtek
2009-04-11 21:34 . 2009-04-11 21:34 319488 ----a-w c:\windows\HideWin.exe
2009-04-11 21:34 . 2009-04-11 21:34 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-11 21:30 . 2009-04-12 01:52 -------- d-----w c:\program files\Common Files\Adobe
2009-04-11 21:29 . 2009-04-11 21:29 -------- d-----w c:\program files\Ahead
2009-04-11 21:29 . 2009-04-11 21:29 -------- d-----w c:\program files\Common Files\Ahead
2009-04-11 21:27 . 2009-04-11 21:27 -------- d-----w c:\program files\Google
2009-04-11 21:25 . 2009-04-11 21:25 2232 ----a-w c:\windows\java\Packages\Data\VD3FB7XZ.DAT
2009-04-11 21:25 . 2009-04-11 21:25 155995 ----a-w c:\windows\java\Packages\2UTVPFJL.ZIP
2009-04-11 21:23 . 2009-04-11 21:23 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-11 21:22 . 2009-04-11 20:49 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-11 20:50 . 2009-04-11 20:50 -------- d-----w c:\program files\microsoft frontpage
2009-04-11 20:47 . 2009-04-11 20:47 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-11 20:05 . 2009-04-11 20:05 -------- d-----w c:\program files\NVIDIA Corporation
2009-04-11 19:46 . 2009-04-11 19:46 -------- d-----w c:\program files\WIDCOMM
2009-04-11 19:44 . 2009-04-11 19:42 864 ----a-w C:\issetup.log
2009-04-11 19:37 . 2009-04-11 19:37 -------- d-----w c:\program files\ATKGFNEX
2009-04-11 19:36 . 2009-04-11 19:36 -------- d-----w c:\program files\ATKOSD2
2009-04-11 19:25 . 2009-04-11 19:25 6088686 ----a-w c:\documents and settings\asus\Local Settings\Application Data\Install.exe
2009-03-08 01:34 . 2004-08-03 21:55 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-03 21:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 21:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 21:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 21:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 21:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 21:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 21:53 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2004-08-03 21:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2001-09-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:44 . 2004-08-03 21:55 282624 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:15 . 2004-08-03 21:46 1846144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:48 . 2004-08-04 00:48 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:48 . 2004-08-03 21:48 2137600 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:19 . 2004-08-03 21:55 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:19 . 2004-08-03 21:55 717824 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:19 . 2004-08-03 21:55 680960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-03 21:55 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:05 . 2004-08-03 21:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:08 . 2004-08-03 21:55 55808 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2009-01-22 12:41 408448 ----a-w c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2009-04-11 21:27 1157120 ----a-r c:\program files\google\GoogleToolbar1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2009-02-06 15:17 1068904 ----a-w c:\program files\Windows Live\Toolbar\wltcore.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-13 2745776]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-04-11 47672]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-17 198160]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-03 114688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-19 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-03-08 236544]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\
00hoeav.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\
0w.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2free.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FProtTray.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSrv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBPROXY.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]
"Debugger"=c:\windows\system32\win.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e09bb196-271b-11de-bb27-002354a139bc}]
\Shell\AutoRun\command - 8.bat
\Shell\open\Command - 8.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ed38a5-2754-11de-bb33-002354a139bc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-regdiit - c:\windows\system32\win.exe
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: إرسال إلى &جهاز Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: إرسال إلى Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MI1933~1\OFFICE11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\
0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\wowctl2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: Microsoft XML Parser for Java -
DPF: {DD18AE59-EA36-461E-ADD2-5CD79FD22833} - hxxp://nbk.net/quran.cab
FF - ProfilePath - c:\documents and settings\asus\Application Data\Mozilla\Firefox\Profiles\97tdl0bc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\asus\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-19 01:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-04-18 1:49
ComboFix-quarantined-files.txt 2009-04-18 22:49
Pre-Run: 41,221,849,088 bytes free
Post-Run: 41,650,659,328 bytes free
912 --- E O F --- 2009-04-18 17:04
البرنامج الثاني
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:53:17, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\asus\My Documents\Downloads\Programs\Zyzoom_HijackThis_2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\AsScrProlog.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: إرسال إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إرسال إلى Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -
O16 - DPF: {DD18AE59-EA36-461E-ADD2-5CD79FD22833} (Abdullah ActiveX Control) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9862 bytes
