TheTechGuide Forum

General Category => Tech Clinic => Topic started by: NuCK on November 12, 2006, 10:52:29 PM

Title: Browser Hijacked by My123.com
Post by: NuCK on November 12, 2006, 10:52:29 PM
Hi... recently my browser has been hijacked by this website called my123.com. I've tried running scans with Ad-aware, Spybot S&D and McAfee's VirusScan to no avail. I've even tried editing the registry to change the startup page but for some reason it always gets changed back to that stupid site. So now I'm stumped. Please help! Below is my HJT log.
Thanks so much in advance!

Logfile of HijackThis v1.99.1
Scan saved at 10:52:39 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Installers\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4B9DF-5025-46B6-9D4F-C732561EF122}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
Title: Browser Hijacked by My123.com
Post by: guestolo on November 12, 2006, 11:31:12 PM
Can I see the following please
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please
Title: Browser Hijacked by My123.com
Post by: NuCK on November 12, 2006, 11:44:30 PM
Hi...thanks for helping me out.

Here is the ComboFix log you requested.


EDITOR - 06-11-13 12:40:40.04    Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\EDITOR\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-13 to 2006-11-13  ))))))))))))))))))))))))))))))))))
 
 
2006-11-13 10:57 61,440 --a------ C:\WINDOWS\system32\patch09.dll
2006-10-16 10:19 162,304 --a------ C:\UNWISE.EXE


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 12:32 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-19 19:59 -------- d-------- C:\Documents and Settings\EDITOR\Application Data\Canon
2006-09-19 19:25 -------- d---s---- C:\Documents and Settings\EDITOR\Application Data\Microsoft
2006-09-19 19:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 19:23 -------- d-------- C:\Program Files\Canon
2006-09-19 19:21 -------- d-------- C:\Program Files\ScanSoft
2006-09-19 19:21 -------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2006-09-19 19:21 -------- d-------- C:\Program Files\Common Files
2006-09-19 19:21 -------- d-------- C:\Documents and Settings\EDITOR\Application Data\ScanSoft
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"nTrayFw"="C:\\NVIDIA\\NetworkAccessManager\\bin\\nTrayFw.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"NWEReboot"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,60,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-13 12:41:15.81
C:\ComboFix.txt ... 06-11-13 12:41
Title: Browser Hijacked by My123.com
Post by: guestolo on November 13, 2006, 12:05:20 AM
Can you do the following please
I want to check on a file
Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive

C:\WINDOWS\system32\patch09.dll <-this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 12:34:21 AM
STATUS: SCANNING File "patch09.dll" received on 11.13.2006 at 06:25:20 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result AntiVir 7.2.0.39 11.12.2006 no virus found Authentium 4.93.8 11.10.2006 no virus found Avast 4.7.892.0 11.13.2006 no virus found AVG 386 11.12.2006 no virus found BitDefender 7.2 11.13.2006 no virus found CAT-QuickHeal 8.00 11.11.2006 no virus found ClamAV devel-20060426 11.12.2006 no virus found DrWeb 4.33 11.12.2006 no virus found eTrust-InoculateIT 23.73.53 11.13.2006 no virus found eTrust-Vet 30.3.3186 11.10.2006 no virus found Ewido 4.0 11.12.2006 no virus found Fortinet 2.82.0.0 11.13.2006 no virus found F-Prot 3.16f 11.10.2006 no virus found F-Prot4 4.2.1.29 11.10.2006 no virus found Ikarus 0.2.65.0 11.10.2006 no virus found Kaspersky 4.0.2.24 11.13.2006 no virus found McAfee 4893 11.10.2006 no virus found Microsoft 1.1609 11.13.2006 no virus found NOD32v2 1862 11.10.2006 no virus found Norman 5.80.02 11.10.2006 no virus found Panda 9.0.0.4 11.12.2006 no virus found Sophos 4.11.0 11.07.2006 no virus found TheHacker 6.0.1.117 11.12.2006 no virus found UNA 1.83 11.10.2006 no virus found VBA32 3.11.1 11.13.2006 no virus found

Aditional Information File size: 61440 bytes MD5: 25f3b26e8ebe5bb668d250209bd50ae0



The Status is still "Scanning" but it has stopped responding for some time... so I thought I'd just send this over first.

Oh and BTW, the beep for all my system notices and whatever has been changed to the old school beep sound, which I'm not sure is from the speakers or the cpu itself.
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 12:36:30 AM
Oops, here is a better formatted version

STATUS: SCANNING
File "patch09.dll" received on 11.13.2006 at 06:25:20 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.


Antivirus            Version          Update       Result
AntiVir              7.2.0.39         11.12.2006   no virus found
Authentium           4.93.8           11.10.2006   no virus found
Avast                4.7.892.0        11.13.2006   no virus found
AVG                  386              11.12.2006   no virus found
BitDefender          7.2              11.13.2006   no virus found
CAT-QuickHeal        8.00             11.11.2006   no virus found
ClamAV               devel-20060426   11.12.2006   no virus found
DrWeb                4.33             11.12.2006   no virus found
eTrust-InoculateIT   23.73.53         11.13.2006   no virus found
eTrust-Vet           30.3.3186        11.10.2006   no virus found
Ewido                4.0              11.12.2006   no virus found
Fortinet             2.82.0.0         11.13.2006   no virus found
F-Prot               3.16f            11.10.2006   no virus found
F-Prot4              4.2.1.29         11.10.2006   no virus found
Ikarus               0.2.65.0         11.10.2006   no virus found
Kaspersky            4.0.2.24         11.13.2006   no virus found
McAfee               4893             11.10.2006   no virus found
Microsoft            1.1609           11.13.2006   no virus found
NOD32v2              1862             11.10.2006   no virus found
Norman               5.80.02          11.10.2006   no virus found
Panda                9.0.0.4          11.12.2006   no virus found
Sophos               4.11.0           11.07.2006   no virus found
TheHacker            6.0.1.117        11.12.2006   no virus found
UNA                  1.83             11.10.2006   no virus found
VBA32                3.11.1           11.13.2006   no virus found



Aditional Information
File size: 61440 bytes
MD5: 25f3b26e8ebe5bb668d250209bd50ae0
SHA1: eeec476210de0db2ba9a4b0f1fbfad1cce633952
Title: Browser Hijacked by My123.com
Post by: guestolo on November 13, 2006, 12:57:47 AM
Let's take a look at another log please
Download>>Install AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/) from Ewido networks
Then reboot your computer in Safe Mode by doing the following :
Once in safe mode
* Clean your Cache and Cookies in IE:
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
cleanmgr and click ok.
AVG-AntiSpyware Scan
"Resident Shield" and "Start with Windows"
Reboot the computer back to Normal windows


Can you post back the following please

1. Post a fresh hijackthis log
2. Post the whole report from AVG-Antispyware
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 01:26:51 AM
Okay thanks... Downloading AVG now. Just to let you know... I just realized my pc can't play music or sounds anymore.
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 02:00:47 AM
Hi

Done the scans and all. Here is the new HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 14:57, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Installers\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4B9DF-5025-46B6-9D4F-C732561EF122}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 02:02:12 AM
And here is the Scan Logfile

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 14:53 11/13/2006

 + Scan result:

 

C:\WINDOWS\system32\qpramy07.dll -> Downloader.Agent.bbc : Cleaned.
C:\WINDOWS\system32\drivers\qpramy07.sys -> Hijacker.StartPage.amg : Cleaned.
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\LightWave [8]\Programs\ssg-lw80.exe -> Trojan.Agent.jh : Cleaned.


::Report end
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 04:29:02 AM
Just ran the scan 3 more times....  "qpramy07.sys and .dll" were found every time even though it is cleaned. :angry:

And my PC says I have no audio device. :(
Title: Browser Hijacked by My123.com
Post by: guestolo on November 13, 2006, 01:45:39 PM
Quote
Okay thanks... Downloading AVG now. Just to let you know... I just realized my pc can't play music or sounds anymore.
May be totally unrelated, we didn't run any fixes before this happened, we only ran a couple of scanners, which would NOT disable sound

Let's worry about the infections first please
Can you do the following please
Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

After you post that log, can you post another log from Gmer please
This scan is very fast
Open Gmer.exe again and click on the AutoStart tab
You may have to click the >>> beside Rootkit to see the Autostart tab
This time ensure there is a check in SHOW ALL
Click SCAN, when done
Click COPY
Then paste the contents back here
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 09:37:12 PM
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-14 10:35:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                              ZwOpenProcess
SSDT   qpramy07.sys                                                                                                                             ZwQueryValueKey
SSDT   \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                              ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text  C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe[180] WS2_32.dll!connect                                                            71AB406A 5 Bytes  JMP 00FD3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[252] WS2_32.dll!connect                                                                       71AB406A 5 Bytes  JMP 02F33E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[260] WS2_32.dll!connect                                                               71AB406A 5 Bytes  JMP 00C63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[272] WS2_32.dll!connect                             71AB406A 5 Bytes  JMP 01553E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[568] WS2_32.dll!connect                                                71AB406A 5 Bytes  JMP 02853E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  ...                                                                                                                                      
.text  C:\Documents and Settings\EDITOR\Desktop\gmer\gmer.exe[3784] WS2_32.dll!connect                                                          71AB406A 5 Bytes  JMP 00E53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[3976] WS2_32.dll!connect                                                                 71AB406A 5 Bytes  JMP 03193E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\Common Files\Teleca Shared\Generic.exe[4596] WS2_32.dll!connect                                                         71AB406A 5 Bytes  JMP 02AA3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[5328] WS2_32.dll!connect                                       71AB406A 5 Bytes  JMP 011D3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[5948] ws2_32.dll!connect                                                               71AB406A 5 Bytes  JMP 052E3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll

---- Files - GMER 1.0.12 ----

ADS    C:\Documents and Settings\EDITOR\My Documents\Hell Hole Documents\Trinity Documents\Job Sheet.ai:SummaryInformation                    
ADS    C:\Documents and Settings\EDITOR\My Documents\Hell Hole Documents\Trinity Documents\Job Sheet.ai:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  

---- EOF - GMER 1.0.12 ----
Title: Browser Hijacked by My123.com
Post by: NuCK on November 13, 2006, 09:39:05 PM
And here is the Autostart scan with show all


GMER 1.0.12.11889 - http://www.gmer.net
Autostart scan 2006-11-14 10:37:14
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
Antiwpa@DLLName = antiwpa.dll
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ANIWZCSdService /*ANIWZCSd Service*/@ = C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
app_filter /*app_filter*/@ = C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Browser /*Computer Browser*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Logical Disk Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
ForcewareWebInterface /*Forceware Web Interface*/@ = "C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Irmon /*Infrared Monitor*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
McDetect.exe /*McAfee WSC Integration*/@ = c:\program files\mcafee.com\agent\mcdetect.exe
McShield /*McAfee.com McShield*/@ = c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe /*McAfee Task Scheduler*/@ = c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
nSvcIp /*ForceWare IP service*/@ = C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
nSvcLog /*ForceWare user log service*/@ = C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Remote Registry*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Security Center*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NVMixerTray"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
@nTrayFwC:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe = C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
@ATICCC"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
@D-Link AirPlus GC:\Program Files\D-Link\AirPlus G\AirGCFG.exe = C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
@RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@VSOCheckTask"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
@VirusScan OnlineC:\Program Files\McAfee.com\VSO\mcvsshld.exe = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
@OASClntC:\Program Files\McAfee.com\VSO\oasclnt.exe = C:\Program Files\McAfee.com\VSO\oasclnt.exe
@MCAgentExec:\PROGRA~1\mcafee.com\agent\mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
@MCUpdateExec:\PROGRA~1\mcafee.com\agent\mcupdate.exe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
@iTunesHelperC:\Program Files\iTunes\iTunesHelper.exe = C:\Program Files\iTunes\iTunesHelper.exe
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@OpwareSE2"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@ANIWZCS2ServiceC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
@NWEReboot /*file not found*/ =  /*file not found*/
@ /*file not found*/ =  /*file not found*/
@Sony Ericsson PC Suite"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /s
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Channel File*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Channel Shortcut*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Program Files\SmartFTP\smarthook.dll = C:\Program Files\SmartFTP\smarthook.dll
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Sony Ericsson File Manager*/C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll = C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{3FBFD0B0-EB46-4797-9101-615610E87DA6} /*StuffIt Compress Menu*/C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll = C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll
@{09308CE0-6ECC-4DB6-A957-2AD37E5E3C7E} /*StuffIt Archive Menu*/C:\Program Files\Allume Systems\StuffIt\ArchiveMenu.dll = C:\Program Files\Allume Systems\StuffIt\ArchiveMenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920 ("Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920")} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03 ("Files@{750fdf0e-2a26-11d1-a3ea-080036587f03")} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936 ("With@{09799AFB-AD67-11d1-ABCD-00C04FC30936")} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46 ("EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46")} = %SystemRoot%\system32\SHELL32.dll
StuffIt Compress Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6 ("Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6")} = C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{CFC7205E-2792-4378-9591-3879CC6C9022}c:\progra~1\mcafee.com\vso\mcvsshl.dll = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920 ("Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920")} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46 ("EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46")} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03 ("Files@{750fdf0e-2a26-11d1-a3ea-080036587f03")} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6 ("Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6")} = ntshrui.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6 ("Menu@{3FBFD0B0-EB46-4797-9101-615610E87DA6")} = C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{CFC7205E-2792-4378-9591-3879CC6C9022} = c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.my123.com/ = http://www.my123.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID ("application/octet-stream@CLSID") = C:\WINDOWS\system32\mscoree.dll
application/x-complus@CLSID ("application/x-complus@CLSID") = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload@CLSID ("application/x-msdownload@CLSID") = C:\WINDOWS\system32\mscoree.dll
Class Install Handler@CLSID ("Handler@CLSID") = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID ("deflate@CLSID") = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID ("gzip@CLSID") = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID ("lzdhtml@CLSID") = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID ("text/webviewhtml@CLSID") = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID ("text/xml@CLSID") = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID ("about@CLSID") = %SystemRoot%\system32\mshtml.dll
cdl@CLSID ("cdl@CLSID") = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID ("dvd@CLSID") = C:\WINDOWS\system32\msvidctl.dll
file@CLSID ("file@CLSID") = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID ("ftp@CLSID") = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID ("gopher@CLSID") = C:\WINDOWS\system32\urlmon.dll
http@CLSID ("http@CLSID") = C:\WINDOWS\system32\urlmon.dll
https@CLSID ("https@CLSID") = C:\WINDOWS\system32\urlmon.dll
its@CLSID ("its@CLSID") = C:\WINDOWS\system32\itss.dll
javascript@CLSID ("javascript@CLSID") = %SystemRoot%\system32\mshtml.dll
local@CLSID ("local@CLSID") = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID ("mailto@CLSID") = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID ("mhtml@CLSID") = %SystemRoot%\system32\inetcomm.dll
mk@CLSID ("mk@CLSID") = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID ("ms-its@CLSID") = C:\WINDOWS\system32\itss.dll
msnim@CLSID ("msnim@CLSID") = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID ("mso-offdap@CLSID") = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID ("mso-offdap11@CLSID") = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID ("res@CLSID") = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID ("sysimage@CLSID") = %SystemRoot%\system32\mshtml.dll
tv@CLSID ("tv@CLSID") = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID ("vbscript@CLSID") = %SystemRoot%\system32\mshtml.dll
wia@CLSID ("wia@CLSID") = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55D4B9DF-5025-46B6-9D4F-C732561EF122} /*Local Area Connection*/ >>>
@IPAddress192.168.1.2 = 192.168.1.2
@NameServer202.188.0.133,202.188.1.5 = 202.188.0.133,202.188.1.5
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath ("000000000001@LibraryPath") = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath ("000000000002@LibraryPath") = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath ("000000000003@LibraryPath") = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem ("000000000001@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000002@PackedCatalogItem ("000000000002@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000003@PackedCatalogItem ("000000000003@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000004@PackedCatalogItem ("000000000004@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000005@PackedCatalogItem ("000000000005@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000006@PackedCatalogItem ("000000000006@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000007@PackedCatalogItem ("000000000007@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem ("000000000008@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem ("000000000009@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem ("000000000010@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem ("000000000011@PackedCatalogItem") = %SystemRoot%\system32\rsvpsp.dll
000000000012@PackedCatalogItem ("000000000012@PackedCatalogItem") = %SystemRoot%\system32\rsvpsp.dll
000000000013@PackedCatalogItem ("000000000013@PackedCatalogItem") = %SYSTEMROOT%\system32\nvappfilter.dll
000000000014@PackedCatalogItem ("000000000014@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem ("000000000015@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem ("000000000016@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem ("000000000017@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem ("000000000018@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem ("000000000019@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem ("000000000020@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem ("000000000021@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem ("000000000022@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem ("000000000023@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem ("000000000024@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem ("000000000025@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem ("000000000026@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem ("000000000027@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem ("000000000028@PackedCatalogItem") = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\EDITOR\Start Menu\Programs\Startup = Adobe Gamma.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
ATI CATALYST System Tray.lnk = ATI CATALYST System Tray.lnk

---- EOF - GMER 1.0.12 ----
Title: Browser Hijacked by My123.com
Post by: guestolo on November 14, 2006, 12:32:38 AM
Can we try the following to ensure that those files are removed
FIRST, and Important
REDownload Hijackthis from my signature below
SAVE it to your desktop

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop


Download The Avenger.zip (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
=============================================================
files to delete:
C:\WINDOWS\system32\qpramy07.dll
C:\WINDOWS\system32\drivers\qpramy07.sys

Programs to launch on reboot:
C:\Program Files\HijackThis\HijackThis.exe

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

After reboot, Windows will take a bit longer to load
After a bit, Hijackthis will open
Do a "SCAN" only
Put a tick next to these entries

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/


Then click FIX CHECKED
Ok any prompts

Windows desktop icons will finally load
Can you do the following

1. Post a fresh hijackthis log
2. Post the report from Avenger, located here>>C:\Avenger.txt

With the above 2 logs, could you also

RIGHT CLICK an empty spot on your desktop and select
NEW>>Text Document
A new text document will be placed on desktop
Name it find.txt

Open find.txt
Copy>>Paste all the text below in the code box to it
Don't include the word 'code'
Close find.txt after you paste the info below and save the changes

Code: [Select]
RegSearch Options File

[Search]
qpramy07

[Options]
Filter=KVDLUI

Download Registry Search (http://www.bleepingcomputer.com/files/steelwerx/regsearch.zip) to your desktop.

    * Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
    * Open the new folder, and double click on regsearch.exe
    * Click "Import" in the lower left corner and browse to the find.txt file that you just saved on your desktop.
    * Double click on find.txt
    * Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
    * Please reply here with the entire contents of the Notepad file from RegSearch.
Title: Browser Hijacked by My123.com
Post by: NuCK on November 14, 2006, 02:03:05 AM
Here is the Avenger Log. Once again thank you SO much for your time.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\opmnjamx

*******************

Script file located at: \??\C:\WINDOWS\system32\engplkuw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\qpramy07.dll deleted successfully.
File C:\WINDOWS\system32\drivers\qpramy07.sys deleted successfully.
Program C:\Program Files\HijackThis\HijackThis.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.
Title: Browser Hijacked by My123.com
Post by: NuCK on November 14, 2006, 02:06:10 AM
Here is the HJT Log. It seems the first 4 lines I deleted are still there even after I clicked FIX CHECKED.


Logfile of HijackThis v1.99.1
Scan saved at 14:54, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [odnjmefi] C:\hfddumuo.bat
O4 - HKLM\..\RunOnce: [qpramy07] %systemroot%\system32\Rundll32.exe %systemroot%\system32\qpramy07.dll,DllUnregisterServer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4B9DF-5025-46B6-9D4F-C732561EF122}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe


 



And here is the result of the regsearch



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 11/14/2006 2:59:15 PM for strings:
;  'qpramy07'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07]
; Contents of value:
;   system32\drivers\qpramy07.sys
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,71,70,72,\
  61,6d,79,30,37,2e,73,79,73,00
"DisplayName"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\Control]
"ActiveService"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qpramy07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qpramy07]
; Contents of value:
;   system32\drivers\qpramy07.sys
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,71,70,72,\
  61,6d,79,30,37,2e,73,79,73,00
"DisplayName"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qpramy07\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qpramy07\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\qpramy07\Enum]
"0"="Root\\LEGACY_QPRAMY07\000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\qpramy07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\qpramy07]
; Contents of value:
;   system32\drivers\qpramy07.sys
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,71,70,72,\
  61,6d,79,30,37,2e,73,79,73,00
"DisplayName"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\qpramy07\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\Control]
"ActiveService"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07]
; Contents of value:
;   system32\drivers\qpramy07.sys
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,71,70,72,\
  61,6d,79,30,37,2e,73,79,73,00
"DisplayName"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07\Enum]
"0"="Root\\LEGACY_QPRAMY07\000"

; End Of The Log...
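
A cross-check of the logs posted so far, as an added example that is not part of the thread or of either tool: it reports which ticked HijackThis entries came back in the follow-up scan, and which remaining entries still name a file the Avenger log says was deleted. The sample strings are constructed by abridging the logs above, and the function names are made up for this sketch.

```python
import re

# Constructed samples, abridged from the logs posted in this thread.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\qpramy07.dll deleted successfully.
File C:\WINDOWS\system32\drivers\qpramy07.sys deleted successfully.
Program C:\Program Files\HijackThis\HijackThis.exe successfully set up to run once on reboot.
"""

# Entries the helper asked to tick before pressing FIX CHECKED (two of the four).
TICKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
"""

# Follow-up scan taken after the reboot.
RESCAN = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [qpramy07] %systemroot%\system32\Rundll32.exe %systemroot%\system32\qpramy07.dll,DllUnregisterServer
"""

# A HijackThis result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return [(section_code, body)] for every HijackThis result line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def deleted_files(avenger_log):
    """Paths the Avenger log reports as deleted."""
    return re.findall(r"^File (.+?) deleted successfully\.$", avenger_log, re.M)


def persisted(ticked, rescan):
    """Ticked entries that appear again in the follow-up scan."""
    seen = {(code, body.lower()) for code, body in parse_hjt(rescan)}
    return [(c, b) for c, b in parse_hjt(ticked) if (c, b.lower()) in seen]


def dangling(rescan, removed_paths):
    """Follow-up entries that still name a file that was already deleted.

    Matching is on the file name only, because autorun entries often use
    %systemroot% where the deletion log uses the literal C:\\WINDOWS path.
    """
    names = {p.rsplit("\\", 1)[-1].lower() for p in removed_paths}
    hits = []
    for code, body in parse_hjt(rescan):
        found = sorted(n for n in names if n in body.lower())
        if found:
            hits.append((code, body, found))
    return hits


if __name__ == "__main__":
    for code, body in persisted(TICKED, RESCAN):
        print("came back after fix:", code, body)
    for code, body, found in dangling(RESCAN, deleted_files(AVENGER_LOG)):
        print("still references", ", ".join(found), "->", code, body)
```
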
Title: Browser Hijacked by My123.com
Post by: guestolo on November 14, 2006, 02:54:23 AM
Just on my way to bed
In the meantime, can you do the following please

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop, we'll need it later
Ensure to copy from REGEDIT4 and down in the code box

 
Code: [Select]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qpramy07]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07]


Print these instructions, or copy>>paste them to a text file for reference
Close all browser windows, including this one, till you are advised to reopen your browser

Can you delete RegSearch.txt on your desktop
Don't delete RegSearch.exe, we'll need it in a bit

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- qpramy07

If found
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply it and OK
Exit out of there



Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
=============================================================
Drivers to unload:
qpramy07

files to delete:
C:\WINDOWS\system32\qpramy07.dll
C:\WINDOWS\system32\drivers\qpramy07.sys
C:\WINDOWS\system32\patch09.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | qpramy07

Programs to launch on reboot:
C:\Program Files\HijackThis\HijackThis.exe

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer
In a case such as yours, where 'Drivers to unload' is in the script
Your computer will actually have to reboot twice, this is normal

When Hijackthis opens,

Fix Check these entries again
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/


Don't open any browser Windows
Double click on fix.reg and allow to add/merge to the registry at the prompt

Reboot the computer again

Post back all the following please

1. Post a fresh hijackthis log
2. Again, post the log from Avenger>>C:\Avenger.txt
3. Can you run RegSearch.exe again>>Again Import find.txt
Run the scan and post its new log too

This may be a Chinese keyword infection, we can try a different tool if the above won't work

<EDITED the above script for Avenger>
Don't know why edit is not functioning properly?
Title: Browser Hijacked by My123.com
Post by: NuCK on November 14, 2006, 03:18:24 AM
Wow I think we finally got rid of it! Thanks so so much guestolo! I'm really really grateful :lol:

Attached are the fresh logs.

Logfile of HijackThis v1.99.1
Scan saved at 16:10, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4B9DF-5025-46B6-9D4F-C732561EF122}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

And here is the Avenger Log.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tsiqsecr

*******************

Script file located at: \??\C:\Documents and Settings\rckdycgd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver qpramy07 unloaded successfully.


Registry key \Registry\Machine\System\CurrentControlSet\Services\cdnprot not found!
Unload of driver cdnprot failed!

Could not process line:
cdnprot
Status: 0xc0000034

 

File C:\WINDOWS\system32\qpramy07.dll not found!
Deletion of file C:\WINDOWS\system32\qpramy07.dll failed!

Could not process line:
C:\WINDOWS\system32\qpramy07.dll
Status: 0xc0000034

 

File C:\WINDOWS\system32\drivers\qpramy07.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\qpramy07.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\qpramy07.sys
Status: 0xc0000034

File C:\WINDOWS\system32\patch09.dll deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|qpramy07
Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|qpramy07 failed!
Status: 0xc0000034

Program C:\Program Files\HijackThis\HijackThis.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.

And finally the Regsearch Log.



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 11/14/2006 4:12:05 PM for strings:
;  'qpramy07'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07]
; Contents of value:
;   system32\drivers\qpramy07.sys
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,71,70,72,\
  61,6d,79,30,37,2e,73,79,73,00
"DisplayName"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000]
"Service"="qpramy07"
"DeviceDesc"="qpramy07"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\LogConf]

; End Of The Log...
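
The Avenger log above reports every failure with `Status: 0xc0000034`, the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND, meaning the target was already gone rather than protected. The Python sketch below is an added example, not part of the original posts or of The Avenger; it sorts each script item into done, already absent, or needs follow-up. Its sample log is constructed from the message shapes seen in this thread, and the `example.sys` entry with status 0xc0000022 (STATUS_ACCESS_DENIED) is a hypothetical line added to show the follow-up case.

```python
import re
from typing import List, NamedTuple, Optional

# NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND: the named file/key/value does not exist.
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

class Entry(NamedTuple):
    kind: str               # driver, file, registry key, registry value, program
    target: str
    outcome: str            # "done", "already absent" or "needs follow-up"
    status: Optional[int]   # NTSTATUS code when the log reports one

# The patterns cover only the message shapes that appear in this thread's logs.
OK_RE = re.compile(
    r"^(Driver|File|Registry key) (.+) (?:unloaded|deleted) successfully\.$")
RUN_RE = re.compile(r"^Program (.+) successfully set up to run once on reboot\.$")
FAIL_RE = re.compile(
    r"^(?:Unload of|Deletion of) (driver|file|registry key|registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

def triage(log_text: str) -> List[Entry]:
    """Turn an Avenger log into one Entry per script item, in log order."""
    entries: List[Entry] = []
    pending = None  # (kind, target) of a failure still waiting for its Status line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            entries.append(Entry(m.group(1).lower(), m.group(2), "done", None))
        elif m := RUN_RE.match(line):
            entries.append(Entry("program", m.group(1), "done", None))
        elif m := FAIL_RE.match(line):
            if pending:  # earlier failure never got a status: leave it unresolved
                entries.append(Entry(pending[0], pending[1], "needs follow-up", None))
            pending = (m.group(1), m.group(2))
        elif (m := STATUS_RE.match(line)) and pending:
            code = int(m.group(1), 16)
            outcome = ("already absent" if code == STATUS_OBJECT_NAME_NOT_FOUND
                       else "needs follow-up")
            entries.append(Entry(pending[0], pending[1], outcome, code))
            pending = None
    if pending:
        entries.append(Entry(pending[0], pending[1], "needs follow-up", None))
    return entries

def follow_up(entries: List[Entry]) -> List[str]:
    """Targets whose removal failed for a reason other than 'not found'."""
    return [e.target for e in entries if e.outcome == "needs follow-up"]

# Constructed sample in the format of the Avenger log posted above.
# The example.sys block is hypothetical and does not come from the thread.
SAMPLE_LOG = r"""
Beginning to process script file:

Driver qpramy07 unloaded successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\cdnprot not found!
Unload of driver cdnprot failed!

Could not process line:
cdnprot
Status: 0xc0000034

File C:\WINDOWS\system32\qpramy07.dll not found!
Deletion of file C:\WINDOWS\system32\qpramy07.dll failed!

Could not process line:
C:\WINDOWS\system32\qpramy07.dll
Status: 0xc0000034

File C:\WINDOWS\system32\patch09.dll deleted successfully.

Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|qpramy07
Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|qpramy07 failed!
Status: 0xc0000034

Deletion of file C:\WINDOWS\system32\drivers\example.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\example.sys
Status: 0xc0000022

Program C:\Program Files\HijackThis\HijackThis.exe successfully set up to run once on reboot.

Completed script processing.
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        code = f" (0x{e.status:08x})" if e.status is not None else ""
        print(f"{e.outcome:16} {e.kind:15} {e.target}{code}")
```

A "not found" result only covers the exact name given in the script: the RegSearch log above still lists qpramy07 service keys after this run, so a registry search remains the check that confirms removal.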
Title: Browser Hijacked by My123.com
Post by: NuCK on November 14, 2006, 03:29:14 AM
There's another PC here that's infected with this too. I'm gonna try and remove it following the steps here. However in his case the names of the bad files are "lslldr14.sys" and "lslldr14.dll".
Can I just replace "qpramy07" with "lslldr14" and fix his PC using the same steps and tools above?
Title: Browser Hijacked by My123.com
Post by: guestolo on November 14, 2006, 01:02:13 PM
Just hold tight on the other computer right now

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard,
=============================================================
Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer

Come back here and post one last hijackthis log and a new log from Avenger>>C:\Avenger.txt

Can you start a New Thread in this forum and post a Hijackthis log from the other computer
It will be less confusing that way

EDITED above script
Title: Browser Hijacked by My123.com
Post by: NuCK on November 14, 2006, 11:31:59 PM
Thanks again guestolo.
Here is a fresh HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:27, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4B9DF-5025-46B6-9D4F-C732561EF122}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

And here is the Avenger Log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xkbgopca

*******************

Script file located at: \??\C:\ldhdnvca.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000\LogConf not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000\LogConf failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000\LogConf
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_QPRAMY07000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07\Security deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qpramy07 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\LogConf not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\LogConf failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000\LogConf
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QPRAMY07000
Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000\LogConf not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000\LogConf failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000\LogConf
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_QPRAMY07000
Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\LogConf not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\LogConf failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000\LogConf
Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07
Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QPRAMY07000
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.



Also... was wondering if you found anything else bad in there that causes my PC to disable my soundcard. I played around with it a lil bit and found that I could get sound back by disabling my sound device and then re-enabling it... but then every time I reboot the PC I have to repeat the process to get back my sound.
Title: Browser Hijacked by My123.com
Post by: dckm on November 18, 2006, 01:49:08 AM
Hi Guestolo,

I came across this forum because my PC has been hijacked by my123.com too. I've tried following as closely as possible your guide to NuCK but with no luck. Really hope you can help me get rid of this problem.
Thanks. I've attached my hjt log file.

EDIT>>I removed your hijackthis log
Can you please start your own topic in this forum please and include a fresh Hijackthis log
It will make it far less confusing this way <guestolo>
Title: Browser Hijacked by My123.com
Post by: guestolo on November 18, 2006, 06:30:24 PM
Can you do the following please, I want to double check some entries
download SREng
http://www.kztechs.com/sreng/sreng2.zip

Extract it to Desktop and double click SREng.exe to run it
Select: Smart Scan and click on the [Scan] button.

The progress bar may stop at times, be patient, it is still scanning.

When finished, click on the Save Reports button and save the log to Desktop

Please post the SREng log in your reply.
Title: Browser Hijacked by My123.com
Post by: dckm on November 18, 2006, 11:45:25 PM
Hi Guestolo,

I've created another forum addressing my problem. Please see title "Need help - hijacked by my123.com".
Thanks.
Title: Browser Hijacked by My123.com
Post by: NuCK on November 20, 2006, 03:24:16 AM
Here is the log you requested.

2006-11-20,16:24:39

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe">  [NVIDIA Corporation]
    <nTrayFw><C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe>  [NVIDIA Corporation]
    <ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime>  [N/A]
    <D-Link AirPlus G><C:\Program Files\D-Link\AirPlus G\AirGCFG.exe>  [D-Link]
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <VSOCheckTask><"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask>  [McAfee, Inc.]
    <VirusScan Online><C:\Program Files\McAfee.com\VSO\mcvsshld.exe>  [McAfee, Inc.]
    <OASClnt><C:\Program Files\McAfee.com\VSO\oasclnt.exe>  [McAfee, Inc.]
    <MCAgentExe><c:\PROGRA~1\mcafee.com\agent\mcagent.exe>  [McAfee, Inc]
    <MCUpdateExe><c:\PROGRA~1\mcafee.com\agent\mcupdate.exe>  [McAfee, Inc]
    <iTunesHelper><C:\Program Files\iTunes\iTunesHelper.exe>  [Apple Computer, Inc.]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <OpwareSE2><"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe">  [ScanSoft, Inc.]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <ANIWZCS2Service><C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe>  [Alpha Networks Inc.]
    <NWEReboot><>  [N/A]
    <Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions>  [Sony Ericsson Mobile Communications AB]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
    <WinlogonNotify: Antiwpa><antiwpa.dll>  [N/A]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[ATI CATALYST System Tray]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk --> C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [ATI Technologies Inc.]><N>
[Adobe Gamma]
  <C:\Documents and Settings\EDITOR\Start Menu\Programs\Startup\Adobe Gamma.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ANIWZCSd Service / ANIWZCSdService]
  <C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
[app_filter / app_filter]
  <C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe><>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Forceware Web Interface / ForcewareWebInterface]
  <"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice><Apache Software Foundation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPodService]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[McAfee WSC Integration / McDetect.exe]
  <c:\program files\mcafee.com\agent\mcdetect.exe><McAfee, Inc>
[McAfee.com McShield / McShield]
  <c:\PROGRA~1\mcafee.com\vso\mcshield.exe><McAfee Inc.>
[McAfee Task Scheduler / McTskshd.exe]
  <c:\PROGRA~1\mcafee.com\agent\mctskshd.exe><McAfee, Inc>
[McAfee SecurityCenter Update Manager / mcupdmgr.exe]
  <C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe><McAfee, Inc>
[ForceWare IP service / nSvcIp]
  <C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe><N/A>
[ForceWare user log service / nSvcLog]
  <C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe><N/A>

==================================
Drivers
[D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) / A3AB]
  <system32\DRIVERS\A3AB.sys><D-Link Corporation>
[ANIO Service / ANIO]
  <\??\C:\WINDOWS\system32\ANIO.SYS><Alpha Networks Inc.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[FXDRV / FXDRV]
  <\??\E:\Fxdrv.sys><N/A>
[GEAR CDRom Filter / GEARAspiWDM]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer]
  <System32\DRIVERS\gmer.sys><GMER>
[NaiAvFilter1 / NaiAvFilter1]
  <system32\drivers\naiavf5x.sys><McAfee Inc.>
[nvatabus / nvatabus]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA® nForce(tm) Audio Enumerator / nvax]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Service for NVIDIA® nForce(tm) Audio / nvnforce]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA TCP/IP Protocol Driver / NVTCP]
  <System32\DRIVERS\NVTcp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[802.11b/g Wireless LAN USB 2.0 Adapter Driver / RT73]
  <system32\DRIVERS\rt73.sys><N/A>
[Sony Ericsson Device 039 Driver driver (WDM) / SE27bus]
  <system32\DRIVERS\SE27bus.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Filter / SE27mdfl]
  <system32\DRIVERS\SE27mdfl.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Driver / SE27mdm]
  <system32\DRIVERS\SE27mdm.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) / SE27mgmt]
  <system32\DRIVERS\SE27mgmt.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) / se27nd5]
  <system32\DRIVERS\se27nd5.sys><MCCI>
[Sony Ericsson Device 039 USB WMC OBEX Interface / SE27obex]
  <system32\DRIVERS\SE27obex.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) / se27unic]
  <system32\DRIVERS\se27unic.sys><MCCI>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLock Pro(1K) / Slp1kdr]
  <\SystemRoot\System32\Drivers\SLP1KDR.SYS><N/A>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Run IMVU]
  {d9288080-1baa-4bc4-9cf8-a92d743db949} <C:\Documents and Settings\EDITOR\Start Menu\Programs\IMVU\Run IMVU.lnk, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[McAfee VirusScan]
  {BA52B914-B692-46c4-B683-905236F6F655} <c:\progra~1\mcafee.com\vso\mcvsshl.dll, McAfee, Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Macromedia, Inc.>
[McAfee.com Operating System Class]
  {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[McAfee.com Download+Installer Class]
  {36C417C6-13C6-448B-9784-DD73A93B0582} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[McAfee.com Registry Class]
  {4C29D864-C55A-46DD-865C-17A1B7CC1A1A} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[McAfee.com Operating System Class]
  {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[Microsoft Licensed Class Manager 1.0]
  {5220CB21-C88D-11CF-B347-00AA00A28331} <C:\WINDOWS\system32\licmgr10.dll, Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[McAfee.com File System Class]
  {5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[McAfee VirusScan]
  {BA52B914-B692-46C4-B683-905236F6F655} <c:\progra~1\mcafee.com\vso\mcvsshl.dll, McAfee, Inc.>
[DwnldGroupMgr Class]
  {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} <C:\WINDOWS\system32\mcgdmgr.dll, McAfee, Inc>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[McAfee.com Shell Helper Class]
  {CA145D71-4BCB-461D-BCBE-C01C42867380} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[McAfee.com Application Helper Class]
  {D2D8D3C0-C750-4703-A6AD-75D6B578FFE6} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 500][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\antiwpa.dll]  [N/A, 3.4.2]
[PID: 668][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 832][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 844][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 980][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 1032][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 1164][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 1456][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fxhl2ziu.dll]  [Fuji Xerox Co.,Ltd., 2.5.0.23]
    [C:\WINDOWS\system32\spool\drivers\w32x86\3\fxhl2jdm.dll]  [Fuji Xerox Co.,Ltd., 2.5.0.23]
    [C:\WINDOWS\system32\spool\drivers\w32x86\3\fxhl2zir.xrs]  [Fuji Xerox Co.,Ltd., 2.5.0.23]
[PID: 1704][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 1776][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
    [c:\progra~1\mcafee.com\vso\mcvsshl.dll]  [McAfee, Inc., 10, 0, 0, 19]
    [c:\progra~1\mcafee.com\vso\ShlRes.dll]  [McAfee, Inc., 10, 0, 0, 19]
    [C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll]  [Allume Systems, Inc., 9.0.0.21]
    [C:\Program Files\Allume Systems\StuffIt\Allume.dll]  [Allume Systems, Inc, 9.0.0.21]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\opshel32.dll]  [ScanSoft, Inc., 12.0]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\operrors.dll]  [ScanSoft, Inc., 12.0]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\OpComCtl.dll]  [ScanSoft, Inc., 12.0]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\SmartFTP\smarthook.dll]  [SmartFTP, 1.0.2.1]
    [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll]  [Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
    [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll]  [Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
[PID: 1920][C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe]  [NVIDIA Corporation, ]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common_firewall.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 1, 0, 2, 0]
    [C:\NVIDIA\NetworkAccessManager\bin\SpecialCase.dll]  [N/A, N/A]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 1928][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0657bf99\mscorlib.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ea48d385\system.dll]  [N/A, N/A]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3d5d6cae\system.windows.forms.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9ba022c1\system.xml.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43055]
    [c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bb974d15\system.drawing.dll]  [N/A, N/A]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43044]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\dem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demosinfo.dll]  [ATI Technologies Inc., 1.2.2026.29947]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll]  [ATI Technologies Inc., 1.2.2026.29960]
    [c:\program files\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll]  [ATI Technologies Inc., 1.2.2026.29953]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdriversettings.dll]  [ATI Technologies Inc., 1.2.2026.29947]
    [c:\program files\ati technologies\ati.ace\atidemgr.dll]  [ATI Technologies Inc., 1.2.2090.42841]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll]  [ATI Technologies Inc., 1.2.2026.29950]
    [c:\program files\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll]  [ATI Technologies Inc., 1.2.2026.29948]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29950]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
    [c:\program files\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll]  [ATI Technologies Inc., 1.2.2026.29970]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll]  [ATI Technologies Inc., 1.2.2026.29952]
    [c:\program files\ati technologies\ati.ace\dem.graphics.workstationsettings.dll]  [ATI Technologies Inc., 1.2.2026.29960]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll]  [ATI Technologies Inc., 1.2.2026.29961]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll]  [ATI Technologies Inc., 1.2.2026.29968]
    [c:\program files\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
    [c:\program files\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll]  [ATI Technologies Inc., 1.2.2026.29961]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll]  [ATI Technologies Inc., 1.2.2032.14723]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll]  [ATI Technologies Inc., 1.2.2026.29947]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll]  [ATI Technologies Inc., 1.2.2026.29948]
    [c:\program files\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll]  [ATI Technologies Inc., 1.2.2026.30965]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42923]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2040.22844]
    [c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42891]
    [c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2040.22838]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42945]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42941]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2053.19640]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42899]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42985]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29947]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42964]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29962]
    [c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42933]
    [c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll]  [ATI Technologies Inc., 1.2.2026.29952]
    [c:\program files\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
    [c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42937]
    [c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42930]
    [c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
    [c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42926]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43012]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42906]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42999]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42899]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43007]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19041]
    [c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42910]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19045]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42994]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42990]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43003]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42903]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42953]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42960]
    [c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42949]
    [c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29951]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42976]
    [c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42969]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42972]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
    [c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42915]
    [c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29952]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2053.19635]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2090.42853]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29950]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2036.29112]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29961]
    [c:\program files\ati technologies\ati.ace\apm.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29959]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1948][C:\Program Files\D-Link\AirPlus G\AirGCFG.exe]  [D-Link, 3, 3, 1, 50329]
    [C:\WINDOWS\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 19, 50222]
    [C:\WINDOWS\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 0, 40127]
    [C:\WINDOWS\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 10, 50316]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
[PID: 1956][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 6.00.1027]
    [C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll]  [CyberLink Corp., 3.2.2021 ]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 1996][C:\Program Files\McAfee.com\VSO\mcvsshld.exe]  [McAfee, Inc., 10, 0, 0, 22]
    [C:\Program Files\McAfee.com\VSO\VsCfgW32.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\Program Files\McAfee.com\VSO\ashldres.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\program files\mcafee.com\agent\submgr\6,0,0,15\mcsubmgr.dll]  [McAfee, Inc, 6, 0, 0, 15]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\progra~1\mcafee.com\vso\mcvsps.dll]  [McAfee, Inc, 10, 0, 0, 17]
[PID: 2004][C:\Program Files\McAfee.com\VSO\oasclnt.exe]  [McAfee, Inc., 10, 0, 0, 24]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
    [c:\progra~1\mcafee.com\vso\naiannps.dll]  [McAfee, Inc, 10, 0, 0, 0]
    [c:\progra~1\mcafee.com\vso\mcvsps.dll]  [McAfee, Inc, 10, 0, 0, 17]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 2012][C:\PROGRA~1\mcafee.com\agent\mcagent.exe]  [McAfee, Inc, 6, 0, 0, 16]
    [C:\PROGRA~1\mcafee.com\agent\SCRes.dll]  [McAfee, Inc, 6, 0, 0, 7]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
    [c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll]  [McAfee, Inc, 6, 0, 0, 4]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 2036][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 4.7.1.30]
    [C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 4.7.1.30]
    [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 4.7.1.30]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 168][C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe]  [ScanSoft, Inc., 12.0]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 232][c:\progra~1\mcafee.com\vso\mcvsescn.exe]  [McAfee, Inc., 10, 0, 0, 20]
    [c:\progra~1\mcafee.com\vso\ashldres.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\progra~1\mcafee.com\vso\EmScnRes.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\program files\mcafee.com\vso\vsoupd.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\progra~1\mcafee.com\vso\McVsWorm.dll]  [McAfee, Inc., 10, 0, 0, 19]
    [C:\Program Files\McAfee.com\VSO\VsCfgW32.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\progra~1\mcafee.com\vso\WormRes.dll]  [McAfee, Inc., 10, 0, 0, 19]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
[PID: 252][C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe]  [Alpha Networks Inc., 1, 0, 6, 41216]
    [C:\WINDOWS\system32\ANIWZCS2.DLL]  [Alpha Networks Inc., 2, 4, 10, 50318]
    [C:\WINDOWS\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 0, 40127]
    [C:\WINDOWS\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 10, 50316]
    [C:\WINDOWS\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 19, 50222]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 268][C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe]  [Sony Ericsson Mobile Communications AB, 1.1.1.3]
    [C:\Program Files\Common Files\Teleca Shared\Telecalib_logging.dll]  [Teleca/Popwire AB, 1, 0, 2, 3]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll]  [N/A, N/A]
    [C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll]  [Sony Ericsson Mobile Communications AB, 1.0.6.1]
    [C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll]  [Sony Ericsson Mobile Communications AB, 1.0.6.1]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [C:\Program Files\Common Files\Teleca Shared\TC Device Mgmt.dll]  [Teleca Software Solutions, 1, 0, 1, 1]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 372][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 400][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 7.5.0324]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\WINDOWS\system32\devenum.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Macromedia, Inc., 10.1.1r16]
[PID: 532][C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe]  [Teleca Software Solutions AB, 0.0.1.48]
    [C:\Program Files\Common Files\Teleca Shared\Telecalib_logging.dll]  [Teleca/Popwire AB, 1, 0, 2, 3]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll]  [N/A, N/A]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 1524][C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.47]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  [N/A, N/A]
[PID: 256][c:\program files\mcafee.com\agent\mcdetect.exe]  [McAfee, Inc, 6, 0, 0, 19]
[PID: 1200][c:\PROGRA~1\mcafee.com\vso\mcshield.exe]  [McAfee Inc., 11.0.0.151]
    [c:\PROGRA~1\mcafee.com\vso\RES00\McShield.DLL]  [McAfee Inc., 11.0.0.141]
    [c:\PROGRA~1\mcafee.com\vso\FTL.Dll]  [McAfee Inc., 11.0.0.151]
    [c:\PROGRA~1\mcafee.com\vso\naiann.dll]  [McAfee, Inc., 10, 0, 0, 21]
    [c:\PROGRA~1\mcafee.com\vso\mytilus.dll]  [McAfee Inc., 11.0.0.151]
    [C:\Program Files\McAfee.com\VSO\MCSCAN32.DLL]  [McAfee, Inc., 5.1.00]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
    [c:\progra~1\mcafee.com\vso\naiannps.dll]  [McAfee, Inc, 10, 0, 0, 0]
[PID: 1344][c:\PROGRA~1\mcafee.com\agent\mctskshd.exe]  [McAfee, Inc, 6, 0, 0, 13]
[PID: 1680][C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.47]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  [N/A, N/A]
[PID: 1648][c:\progra~1\mcafee.com\vso\mcvsftsn.exe]  [McAfee, Inc., 10, 0, 0, 19]
    [C:\Program Files\McAfee.com\VSO\VsCfgW32.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\program files\mcafee.com\agent\submgr\6,0,0,15\mcsubmgr.dll]  [McAfee, Inc, 6, 0, 0, 15]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
    [c:\program files\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]
[PID: 2216][C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common_firewall.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 1, 0, 2, 0]
    [C:\NVIDIA\NetworkAccessManager\bin\SpecialCase.dll]  [N/A, N/A]
[PID: 3620][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3000]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 3856][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3904][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 4016][C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe]  [, 1, 0, 0, 1]
    [C:\NVIDIA\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 1, 0, 2, 0]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll]  [N/A, N/A]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_resource_L1033.dll]  [NVIDIA Corporation, 1, 0, 1, 0]
    [C:\NVIDIA\NetworkAccessManager\bin\AppFltUi.dll]  [NVIDIA Corporation, ]
[PID: 716][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\progra~1\mcafee.com\vso\McVSSkt.dll]  [McAfee, Inc., 10, 0, 0, 26]
[PID: 1812][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 4.7.1.30]
    [C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 4.7.1.30]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 4.7.1.30]
[PID: 452][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
[PID: 5080][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0657bf99\mscorlib.dll]  [N/A, N/A]
    [C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  [ScanSoft, Inc., 12.0]
    [c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ea48d385\system.dll]  [N/A, N/A]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3d5d6cae\system.windows.forms.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2090.43051]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9ba022c1\system.xml.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvappfilter.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\cli.component.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43056]
    [c:\program files\ati technologies\ati.ace\cli.foundation.clients.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\cli.component.dashboard.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2090.43055]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
    [c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
    [c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
    [c:\program files\ati technologies\ati.ace\cli.caste.local.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43060]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43047]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bb974d15\system.drawing.dll]  [N/A, N/A]
    [c:\program files\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42923]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42973]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42982]
    [c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42888]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42976]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43013]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42907]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43000]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42899]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43008]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42912]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42996]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42991]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.43003]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42903]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42946]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42942]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42896]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2090.42986]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashb