ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/16 23:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked
#: 001 Function Name: NtAccessCheck
Status: Not hooked
#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked
#: 003 Function Name: NtAccessCheckByType
Status: Not hooked
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked
#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked
#: 008 Function Name: NtAddAtom
Status: Not hooked
#: 009 Function Name: NtAddBootEntry
Status: Not hooked
#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb236e
#: 012 Function Name: NtAlertResumeThread
Status: Not hooked
#: 013 Function Name: NtAlertThread
Status: Not hooked
#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked
#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked
#: 016 Function Name: NtAllocateUuids
Status: Not hooked
#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked
#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked
#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked
#: 020 Function Name: NtCallbackReturn
Status: Not hooked
#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked
#: 022 Function Name: NtCancelIoFile
Status: Not hooked
#: 023 Function Name: NtCancelTimer
Status: Not hooked
#: 024 Function Name: NtClearEvent
Status: Not hooked
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd16b8
#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked
#: 027 Function Name: NtCompactKeys
Status: Not hooked
#: 028 Function Name: NtCompareTokens
Status: Not hooked
#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked
#: 030 Function Name: NtCompressKey
Status: Not hooked
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb360c
#: 032 Function Name: NtContinue
Status: Not hooked
#: 033 Function Name: NtCreateDebugObject
Status: Not hooked
#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked
#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3b40
#: 036 Function Name: NtCreateEventPair
Status: Not hooked
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb2d78
#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked
#: 039 Function Name: NtCreateJobObject
Status: Not hooked
#: 040 Function Name: NtCreateJobSet
Status: Not hooked
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd1574
#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked
#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3a18
#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb0d0a
#: 045 Function Name: NtCreatePagingFile
Status: Not hooked
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb38d4
#: 047 Function Name: NtCreateProcess
Status: Not hooked
#: 048 Function Name: NtCreateProcessEx
Status: Not hooked
#: 049 Function Name: NtCreateProfile
Status: Not hooked
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb2102
#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3c72
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb540e
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7bb9c24
#: 054 Function Name: NtCreateTimer
Status: Not hooked
#: 055 Function Name: NtCreateToken
Status: Not hooked
#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3976
#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked
#: 058 Function Name: NtDebugContinue
Status: Not hooked
#: 059 Function Name: NtDelayExecution
Status: Not hooked
#: 060 Function Name: NtDeleteAtom
Status: Not hooked
#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked
#: 062 Function Name: NtDeleteFile
Status: Not hooked
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7bb9c33
#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd1a52
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb321c
#: 067 Function Name: NtDisplayString
Status: Not hooked
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd114c
#: 069 Function Name: NtDuplicateToken
Status: Not hooked
#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb1e3a
#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb1ee4
#: 074 Function Name: NtExtendSection
Status: Not hooked
#: 075 Function Name: NtFilterToken
Status: Not hooked
#: 076 Function Name: NtFindAtom
Status: Not hooked
#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked
#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked
#: 079 Function Name: NtFlushKey
Status: Not hooked
#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked
#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked
#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked
#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked
#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3016
#: 085 Function Name: NtGetContextThread
Status: Not hooked
#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked
#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked
#: 088 Function Name: NtGetWriteWatch
Status: Not hooked
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked
#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked
#: 091 Function Name: NtImpersonateThread
Status: Not hooked
#: 092 Function Name: NtInitializeRegistry
Status: Not hooked
#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked
#: 094 Function Name: NtIsProcessInJob
Status: Not hooked
#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked
#: 096 Function Name: NtListenPort
Status: Not hooked
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb4ea6
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7bb9c42
#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb144e
#: 100 Function Name: NtLockFile
Status: Not hooked
#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked
#: 102 Function Name: NtLockRegistryKey
Status: Not hooked
#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked
#: 104 Function Name: NtMakePermanentObject
Status: Not hooked
#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked
#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked
#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked
#: 108 Function Name: NtMapViewOfSection
Status: Not hooked
#: 109 Function Name: NtModifyBootEntry
Status: Not hooked
#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked
#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb2030
#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked
#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked
#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3be2
#: 115 Function Name: NtOpenEventPair
Status: Not hooked
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb2b08
#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked
#: 118 Function Name: NtOpenJobObject
Status: Not hooked
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd164e
#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3ab0
#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd108c
#: 123 Function Name: NtOpenProcessToken
Status: Not hooked
#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb5438
#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3d14
#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd10f0
#: 129 Function Name: NtOpenThreadToken
Status: Not hooked
#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked
#: 131 Function Name: NtOpenTimer
Status: Not hooked
#: 132 Function Name: NtPlugPlayControl
Status: Not hooked
#: 133 Function Name: NtPowerInformation
Status: Not hooked
#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked
#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked
#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked
#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked
#: 138 Function Name: NtPulseEvent
Status: Not hooked
#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked
#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked
#: 141 Function Name: NtQueryBootOptions
Status: Not hooked
#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked
#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked
#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked
#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked
#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked
#: 147 Function Name: NtQueryEaFile
Status: Not hooked
#: 148 Function Name: NtQueryEvent
Status: Not hooked
#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked
#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked
#: 151 Function Name: NtQueryInformationFile
Status: Not hooked
#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked
#: 153 Function Name: NtQueryInformationPort
Status: Not hooked
#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked
#: 155 Function Name: NtQueryInformationThread
Status: Not hooked
#: 156 Function Name: NtQueryInformationToken
Status: Not hooked
#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked
#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked
#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked
#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb1f8e
#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb1bb6
#: 162 Function Name: NtQueryMutant
Status: Not hooked
#: 163 Function Name: NtQueryObject
Status: Not hooked
#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked
#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked
#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked
#: 167 Function Name: NtQuerySection
Status: Not hooked
#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked
#: 169 Function Name: NtQuerySemaphore
Status: Not hooked
#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked
#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked
#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked
#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked
#: 174 Function Name: NtQuerySystemTime
Status: Not hooked
#: 175 Function Name: NtQueryTimer
Status: Not hooked
#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd176e
#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked
#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb5128
#: 181 Function Name: NtRaiseException
Status: Not hooked
#: 182 Function Name: NtRaiseHardError
Status: Not hooked
#: 183 Function Name: NtReadFile
Status: Not hooked
#: 184 Function Name: NtReadFileScatter
Status: Not hooked
#: 185 Function Name: NtReadRequestData
Status: Not hooked
#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked
#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked
#: 188 Function Name: NtReleaseMutant
Status: Not hooked
#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked
#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked
#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb1b34
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7bb9c4c
#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb409e
#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3f64
#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked
#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked
#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked
#: 199 Function Name: NtRequestPort
Status: Not hooked
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb4c30
#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked
#: 202 Function Name: NtResetEvent
Status: Not hooked
#: 203 Function Name: NtResetWriteWatch
Status: Not hooked
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd172e
#: 205 Function Name: NtResumeProcess
Status: Not hooked
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb5860
#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb0ec4
#: 208 Function Name: NtSaveKeyEx
Status: Not hooked
#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb3312
#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked
#: 212 Function Name: NtSetBootOptions
Status: Not hooked
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb2984
#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked
#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked
#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked
#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked
#: 218 Function Name: NtSetEaFile
Status: Not hooked
#: 219 Function Name: NtSetEvent
Status: Not hooked
#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked
#: 221 Function Name: NtSetHighEventPair
Status: Not hooked
#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked
#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked
#: 224 Function Name: NtSetInformationFile
Status: Not hooked
#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked
#: 226 Function Name: NtSetInformationKey
Status: Not hooked
#: 227 Function Name: NtSetInformationObject
Status: Not hooked
#: 228 Function Name: NtSetInformationProcess
Status: Not hooked
#: 229 Function Name: NtSetInformationThread
Status: Not hooked
#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb45f2
#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked
#: 232 Function Name: NtSetIoCompletion
Status: Not hooked
#: 233 Function Name: NtSetLdtEntries
Status: Not hooked
#: 234 Function Name: NtSetLowEventPair
Status: Not hooked
#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked
#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked
#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb4fa0
#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked
#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb54c2
#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked
#: 242 Function Name: NtSetSystemTime
Status: Not hooked
#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked
#: 244 Function Name: NtSetTimer
Status: Not hooked
#: 245 Function Name: NtSetTimerResolution
Status: Not hooked
#: 246 Function Name: NtSetUuidSeed
Status: Not hooked
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf2cd18ae
#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked
#: 249 Function Name: NtShutdownSystem
Status: Not hooked
#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked
#: 251 Function Name: NtStartProfile
Status: Not hooked
#: 252 Function Name: NtStopProfile
Status: Not hooked
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb55a6
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb56d2
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb4dd2
#: 256 Function Name: NtTerminateJobObject
Status: Not hooked
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb26ea
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb263c
#: 259 Function Name: NtTestAlert
Status: Not hooked
#: 260 Function Name: NtTraceEvent
Status: Not hooked
#: 261 Function Name: NtTranslateFilePath
Status: Not hooked
#: 262 Function Name: NtUnloadDriver
Status: Not hooked
#: 263 Function Name: NtUnloadKey
Status: Not hooked
#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked
#: 265 Function Name: NtUnlockFile
Status: Not hooked
#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked
#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked
#: 268 Function Name: NtVdmControl
Status: Not hooked
#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked
#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked
#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked
#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked
#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked
#: 274 Function Name: NtWriteFile
Status: Not hooked
#: 275 Function Name: NtWriteFileGather
Status: Not hooked
#: 276 Function Name: NtWriteRequestData
Status: Not hooked
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf2fb27c8
#: 278 Function Name: NtYieldExecution
Status: Not hooked
#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked
#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked
#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked
#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked
#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked
Processes
-------------------
Path: System
PID: 4 Status: -
Path: C:\WINDOWS\system32\spoolsv.exe
PID: 440 Status: -
Path: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 532 Status: -
Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 612 Status: -
Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 672 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 692 Status: -
Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 768 Status: -
Path: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 796 Status: -
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 820 Status: -
Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 824 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 892 Status: -
Path: C:\WINDOWS\system32\smss.exe
PID: 904 Status: -
Path: C:\WINDOWS\system32\csrss.exe
PID: 976 Status: -
Path: C:\WINDOWS\system32\winlogon.exe
PID: 1000 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1012 Status: -
Path: C:\WINDOWS\system32\services.exe
PID: 1052 Status: -
Path: C:\WINDOWS\system32\lsass.exe
PID: 1064 Status: -
Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 1240 Status: -
Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 1276 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1312 Status: -
Path: C:\WINDOWS\ehome\ehSched.exe
PID: 1348 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1388 Status: -
Path: C:\WINDOWS\system32\ctfmon.exe
PID: 1456 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1492 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1540 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1608 Status: -
Path: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PID: 1672 Status: -
Path: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PID: 1696 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1720 Status: -
Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1904 Status: -
Path: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1928 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1988 Status: -
Path: C:\WINDOWS\ehome\RMSvc.exe
PID: 2104 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 2132 Status: -
Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2228 Status: -
Path: C:\WINDOWS\system32\slserv.exe
PID: 2320 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 2504 Status: -
Path: C:\WINDOWS\system32\alg.exe
PID: 2532 Status: -
Path: C:\Documents and Settings\user\Desktop\RootRepeal.exe
PID: 2536 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 2596 Status: -
Path: C:\WINDOWS\explorer.exe
PID: 2696 Status: -
Path: C:\WINDOWS\ehome\McrdSvc.exe
PID: 2844 Status: -
Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3080 Status: -
Path: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3116 Status: -
Path: C:\WINDOWS\system32\dllhost.exe
PID: 3132 Status: -
Path: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 3432 Status: -
Path: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 3776 Status: -
Path: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 4036 Status: -
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/16 23:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\avira\antivir desktop\temp\avguard.tmp
Status: Allocation size mismatch (API: 33636352, Raw: 34537472)
Path: C:\Documents and Settings\Dr Who\Local Settings\Apps\2.0\8OZGD2AN.H0P\A8W1OWT7.ERD\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/16 23:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF75FB000 Size: 57344 File Visible: - Signed: -
Status: -
Name: 3xHybrid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
Address: 0xF5795000 Size: 710144 File Visible: - Signed: -
Status: -
Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF78DB000 Size: 19520 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF74AC000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: adfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\adfs.SYS
Address: 0xB81A7000 Size: 67840 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF2DA7000 Size: 138496 File Visible: - Signed: -
Status: -
Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF781B000 Size: 60800 File Visible: - Signed: -
Status: -
Name: aswFsBlk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Address: 0xF790B000 Size: 32768 File Visible: - Signed: -
Status: -
Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xB8375000 Size: 87424 File Visible: - Signed: -
Status: -
Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xB7097000 Size: 15104 File Visible: - Signed: -
Status: -
Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xF2CC9000 Size: 135168 File Visible: - Signed: -
Status: -
Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF77EB000 Size: 39104 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF743E000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D23000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7B51000 Size: 6144 File Visible: - Signed: -
Status: -
Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xB86AB000 Size: 86016 File Visible: - Signed: -
Status: -
Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xF2CEA000 Size: 139264 File Visible: - Signed: -
Status: -
Name: BdaSup.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BdaSup.SYS
Address: 0xF6DCA000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B49000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF79EB000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdr4_xp.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS
Address: 0xF7D02000 Size: 2432 File Visible: - Signed: -
Status: -
Name: Cdralw2k.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS
Address: 0xF7D03000 Size: 2560 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF77BB000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF763B000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF762B000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7456000 Size: 153344 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7AE1000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF60C2000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2CB1000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B53000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF2FF5000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7BFB000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF79B3000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76BB000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7893000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF741E000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B47000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF747C000 Size: 125056 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF5867000 Size: 163840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF77DB000 Size: 36864 File Visible: - Signed: -
Status: -
Name: hidir.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidir.sys
Address: 0xF78EB000 Size: 19200 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF789B000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF7A9F000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB7F86000 Size: 265728 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76AB000 Size: 52480 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7ADF000 Size: 5504 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF784B000 Size: 36352 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF2EB9000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF2F60000 Size: 75264 File Visible: - Signed: -
Status: -
Name: IrBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\IrBus.sys
Address: 0xF77CB000 Size: 46592 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75DB000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF79BB000 Size: 24576 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF555B000 Size: 14592 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7ADB000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kl1.sys
Image Path: kl1.sys
Address: 0xF6DEE000 Size: 5373952 File Visible: - Signed: -
Status: -
Name: klbg.sys
Image Path: klbg.sys
Address: 0xF764B000 Size: 45056 File Visible: - Signed: -
Status: -
Name: klif.sys
Image Path: C:\WINDOWS\system32\DRIVERS\klif.sys
Address: 0xF2F93000 Size: 319488 File Visible: - Signed: -
Status: -
Name: klim5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\klim5.sys
Address: 0xF76CB000 Size: 40960 File Visible: - Signed: -
Status: -
Name: klmouflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\klmouflt.sys
Address: 0xF6082000 Size: 36864 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB6622000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF5772000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73F5000 Size: 92928 File Visible: - Signed: -
Status: -
Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF765B000 Size: 57600 File Visible: - Signed: -
Status: -
Name: LBeepKE.sys
Image Path: C:\WINDOWS\System32\Drivers\LBeepKE.sys
Address: 0xF7C83000 Size: 3712 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B4B000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF79D3000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF555F000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF760B000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB81E0000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF2D0C000 Size: 455680 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF78B3000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF770B000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF6DAA000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF730E000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7328000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF6DBE000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB85EF000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF5732000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF60E2000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF780B000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF2E91000 Size: 162816 File Visible: - Signed: -
Status: -
Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF768B000 Size: 61824 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF78BB000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7355000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7D04000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 5898240 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF58A3000 Size: 8055584 File Visible: - Signed: -
Status: -
Name: nvport.sys
Image Path: C:\WINDOWS\system32\Drivers\nvport.sys
Address: 0xF78D3000 Size: 28672 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF75EB000 Size: 61696 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF5749000 Size: 80128 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7863000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AF7000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF749B000 Size: 68224 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7BA3000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF785B000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pcouffin.sys
Image Path: C:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xF771B000 Size: 47360 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF3052000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF5721000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF79C3000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7AA7000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76DB000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76EB000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76FB000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF79CB000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF2D7C000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B4D000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF56F1000 Size: 196224 File Visible: - Signed: -
Status: -
Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xB70BF000 Size: 139520 File Visible: - Signed: -
Status: -
Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xF79EF000 Size: 13696 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF782B000 Size: 57600 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7551000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF3076000 Size: 4083712 File Visible: - Signed: -
Status: -
Name: Rtnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xF575D000 Size: 85120 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF6DC6000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF769B000 Size: 64512 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF740C000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB7BD2000 Size: 353792 File Visible: - Signed: -
Status: -
Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF78CB000 Size: 23040 File Visible: - Signed: -
Status: -
Name: StarOpen.SYS
Image Path: C:\WINDOWS\System32\Drivers\StarOpen.SYS
Address: 0xF78C3000 Size: 24576 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B3B000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB7FFF000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF2EDF000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\drivers\TDI.SYS
Address: 0xF786B000 Size: 20480 File Visible: - Signed: -
Status: -
Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xF795B000 Size: 21760 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF772B000 Size: 40704 File Visible: - Signed: -
Status: -
Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xB7A7A000 Size: 97280 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF5693000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B41000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF79AB000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF60A2000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF5843000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF79A3000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78AB000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF588F000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF761B000 Size: 52352 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF77FB000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78F3000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB7E59000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7ADD000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -
Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF73E2000 Size: 77568 File Visible: - Signed: -
Status: -
Logfile of random's system information tool 1.07 (written by random/random)
Run by user at 2010-05-16 23:17:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (5%) free of 153 GB
Total RAM: 1023 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:17:14, on 16/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\user\Desktop\RootRepeal.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.bbc.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.bbc.co.uk/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino GBP - {03588886-5C50-4645-BD5D-F105F84417DE} -
http://www.intercasino.co.uk/?utm_sourc ... paign=home (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino GBP - {03588886-5C50-4645-BD5D-F105F84417DE} -
http://www.intercasino.co.uk/?utm_sourc ... paign=home (file missing) (HKCU)
O16 - DPF: CabBuilder -
http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.systemrequirementslab.com/sr ... ab_srl.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -
http://www.nvidia.com/content/DriverDow ... ab_nvd.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} -
http://disney.go.com/pirates/online/tes ... eGames.cabO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 1277564285O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
http://www.orderingmemory.com/controls/cpcScanner.cabO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
http://www.superadblocker.com/activex/sabspx.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} -
http://drmlicense.one.microsoft.com/crl ... crlocx.ocxO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} -
http://support.packardbell.com/files/ac ... inder2.CABO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Photo Service\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TCTNWPT - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\TCTNWPT.exe (file missing)
--
End of file - 11975 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-28 278128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14643754]
C:\Documents and Settings\All Users\Application Data\14643754\14643754.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2010-02-27 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadbandadvisor.exe]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2010-04-23 1668920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCure]
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe /R []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-03 91440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2009-09-30 323280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCguard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6220DMon]
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe [2005-05-06 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2007-02-05 476728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-28 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
C:\Program Files\ThreatFire\TFTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-01 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tucan]
C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for AntiRootkit[1].zip\PAVARK.exe /Monitor []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Hotbar\bin\11.0.78.0\Weather.exe -auto []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updates]
c:\windows\system\Update.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
C:\PROGRA~1\EFAXME~1.3\J2GTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-06-03 91440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-02-19 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
C:\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe [1999-06-15 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
C:\PROGRA~1\MUSTEK~1\Driver\WATCH.exe [2001-11-23 364544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
C:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dr Who^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dr Who^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
C:\DOCUME~1\MRBURN~1\MYDOCU~1\DOWNLO~1\LOGITE~1\ITOUCH~1.EXE [2009-10-23 228352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dr Who^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loz^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loz^Start Menu^Programs^Startup^Trailer Room.lnk]
C:\DOCUME~1\Loz\APPLIC~1\TRAILE~1\Player.exe [2008-02-11 1022664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr Burns^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
C:\PROGRA~1\BBCIPL~1\BBCIPL~1.EXE [2010-04-30 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE C:\WINDOWS\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^SpywareGuard.lnk]
C:\PROGRA~1\SPYWAR~2\sgmain.exe [2003-08-29 360448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PACSPTISVR"=3
"NBService"=3
"MSCSPTISRV"=3
"KService"=2
"IDriverT"=3
"dvpapi"=2
"SPTISRV"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-02-19 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\KService\KService.exe"="C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Documents and Settings\Loz\Local Settings\temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Loz\Local Settings\temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Microgaming\Casino\GoldenTiger\casinogame.exe"="C:\Microgaming\Casino\GoldenTiger\casinogame.exe:*:Enabled:Game Launcher"
"C:\Documents and Settings\Dr Who\Local Settings\temp\iTouch-Server-Win.exe"="C:\Documents and Settings\Dr Who\Local Settings\temp\iTouch-Server-Win.exe:*:Enabled:Logitech"
"C:\Documents and Settings\Mr Burns\My Documents\Downloads\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Documents and Settings\Mr Burns\My Documents\Downloads\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"C:\Program Files\InterCasinoEnglishGBP\Casino.exe"="C:\Program Files\InterCasinoEnglishGBP\Casino.exe:*:Enabled:Casino"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======File associations======
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2010-05-16 23:17:02 ----DC---- C:\rsit
2010-05-16 22:44:28 ----D---- C:\Documents and Settings\user\Application Data\AVS4YOU
2010-05-16 21:04:07 ----D---- C:\Program Files\QuickTime
2010-05-15 15:34:11 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-05-15 12:58:34 ----D---- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-14 22:52:37 ----D---- C:\Program Files\iPod
2010-05-14 22:52:19 ----D---- C:\Program Files\iTunes
2010-05-14 22:40:37 ----D---- C:\Program Files\Bonjour
2010-05-13 23:19:17 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 21:59:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-13 21:59:57 ----D---- C:\Program Files\Alwil Software
2010-05-13 21:58:22 ----DC---- C:\Deckard
2010-05-13 21:50:30 ----D---- C:\Documents and Settings\user\Application Data\Avira
2010-05-13 21:21:28 ----DC---- C:\Documents and Settings\All Users\Application Data\Avira
2010-05-13 21:21:28 ----D---- C:\Program Files\Avira
2010-05-13 05:01:35 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-05-12 21:44:05 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-12 21:39:52 ----AC---- C:\mbam-error.txt
2010-05-12 21:22:54 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2010-05-12 21:18:24 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-05-12 21:16:49 ----D---- C:\Program Files\CasinoOnNet
2010-05-12 21:16:49 ----D---- C:\Documents and Settings\user\Application Data\CasinoOnNet
2010-05-12 21:15:56 ----D---- C:\Program Files\AnvSoft
2010-05-12 21:15:02 ----HDC---- C:\Documents and Settings\All Users\Application Data\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}
2010-05-12 21:13:49 ----D---- C:\Program Files\VeryPDF Image2PDF v3.2
2010-05-11 21:33:19 ----D---- C:\Documents and Settings\user\Application Data\Radialpoint
2010-05-11 21:33:16 ----D---- C:\Documents and Settings\user\Application Data\Virgin Media
2010-05-11 21:32:57 ----DC---- C:\Documents and Settings\All Users\Application Data\Radialpoint
2010-05-11 21:32:53 ----DC---- C:\Documents and Settings\All Users\Application Data\Virgin Media
2010-05-11 21:32:53 ----D---- C:\Program Files\Virgin Media
2010-05-04 17:53:57 ----D---- C:\Program Files\iPod(2)
2010-05-04 17:53:27 ----DC---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-04 17:53:27 ----D---- C:\Program Files\iTunes(2)
2010-05-04 17:36:24 ----D---- C:\Program Files\Bonjour(2)
2010-05-03 18:11:24 ----D---- C:\Documents and Settings\user\Application Data\dvdcss
2010-05-01 00:30:52 ----A---- C:\WINDOWS\system32\post.txt
2010-04-30 17:48:17 ----D---- C:\Program Files\BBC iPlayer Desktop
2010-04-27 17:15:05 ----D---- C:\WINDOWS\winmain32
======List of files/folders modified in the last 1 months======
2010-05-16 22:44:24 ----D---- C:\WINDOWS\system32\drivers
2010-05-16 22:40:59 ----D---- C:\WINDOWS\Prefetch
2010-05-16 22:17:36 ----D---- C:\WINDOWS\TEMP
2010-05-16 22:14:36 ----D---- C:\WINDOWS\Registration
2010-05-16 22:13:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-16 22:13:20 ----D---- C:\WINDOWS
2010-05-16 22:11:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 21:09:33 ----SHD---- C:\WINDOWS\Installer
2010-05-16 21:09:33 ----HDC---- C:\Config.Msi
2010-05-16 21:04:07 ----RSHD---- C:\WINDOWS\system32
2010-05-16 21:04:07 ----RD---- C:\Program Files
2010-05-16 17:56:30 ----D---- C:\Program Files\Adobe
2010-05-16 17:44:47 ----RSD---- C:\WINDOWS\assembly
2010-05-16 17:43:42 ----D---- C:\Program Files\OpenOffice.org 2.0
2010-05-16 17:41:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2010-05-16 17:41:21 ----D---- C:\Program Files\Sony
2010-05-16 17:39:38 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-05-16 17:27:51 ----SHC---- C:\boot.ini
2010-05-16 17:27:51 ----AC---- C:\WINDOWS\system.ini
2010-05-16 17:27:51 ----A---- C:\WINDOWS\win.ini
2010-05-16 17:27:50 ----D---- C:\WINDOWS\pss
2010-05-16 12:27:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-15 21:55:05 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-15 16:26:01 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-05-15 16:08:57 ----D---- C:\Documents and Settings\user\Application Data\OpenOffice.org2
2010-05-15 16:05:17 ----D---- C:\Program Files\Common Files
2010-05-15 16:05:15 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-15 16:04:53 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2010-05-15 16:00:44 ----D---- C:\Documents and Settings\user\Application Data\Apple Computer
2010-05-15 08:42:46 ----HD---- C:\WINDOWS\inf
2010-05-14 22:52:36 ----D---- C:\Program Files\Common Files\Apple
2010-05-14 22:45:43 ----SD---- C:\WINDOWS\Tasks
2010-05-14 22:45:39 ----D---- C:\Program Files\Apple Software Update
2010-05-14 22:43:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-14 22:41:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-14 22:01:40 ----D---- C:\WINDOWS\Minidump
2010-05-14 18:07:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-13 23:19:33 ----D---- C:\Program Files\Lavasoft
2010-05-13 23:18:30 ----D---- C:\WINDOWS\WinSxS
2010-05-13 22:58:38 ----D---- C:\Program Files\AVS4YOU
2010-05-13 22:56:19 ----D---- C:\Documents and Settings\user\Application Data\Sony
2010-05-13 22:48:02 ----D---- C:\WINDOWS\Debug
2010-05-13 22:42:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-05-13 22:42:09 ----D---- C:\Program Files\freestar
2010-05-13 22:40:21 ----D---- C:\Program Files\DivX
2010-05-13 22:40:11 ----DC---- C:\clickpix
2010-05-13 22:37:36 ----D---- C:\Program Files\YouTube Downloader
2010-05-13 21:46:45 ----D---- C:\Program Files\Yahoo!
2010-05-13 20:58:20 ----D---- C:\Program Files\DVDVideoSoft
2010-05-13 20:58:17 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-05-13 20:57:42 ----DC---- C:\Casino
2010-05-13 20:54:48 ----D---- C:\Program Files\Common Files\Akamai
2010-05-13 03:35:37 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-05-12 21:39:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-12 21:39:30 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 21:38:40 ----D---- C:\Program Files\Outlook Express
2010-05-12 21:24:48 ----D---- C:\WINDOWS\system32\config
2010-05-12 21:24:00 ----D---- C:\WINDOWS\system32\wbem
2010-05-12 21:22:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-12 21:20:20 ----DC---- C:\Documents and Settings
2010-05-12 21:18:23 ----D---- C:\Program Files\Common Files\Napster Shared
2010-05-12 21:18:22 ----D---- C:\Program Files\Napster
2010-05-12 21:15:06 ----D---- C:\Program Files\AudioCommander
2010-05-11 23:10:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 23:07:15 ----D---- C:\Program Files\Sony Ericsson
2010-05-11 22:52:47 ----D---- C:\Program Files\Canon
2010-05-11 22:35:14 ----DC---- C:\Documents and Settings\All Users\Application Data\DriverCure
2010-05-11 22:29:34 ----D---- C:\Program Files\Datel
2010-05-03 11:58:59 ----D---- C:\WINDOWS\ehome
2010-05-02 16:04:22 ----D---- C:\Program Files\CCleaner
2010-04-30 19:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-28 18:15:48 ----D---- C:\Program Files\Google
2010-04-27 21:04:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-27 21:04:22 ----D---- C:\Program Files\Online Services
2010-04-27 21:03:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-27 20:38:03 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-27 17:15:07 ----RSD---- C:\WINDOWS\Fonts
2010-04-21 17:29:38 ----SHDC---- C:\RECYCLER
2010-04-17 18:52:54 ----HDC---- C:\LG3G
2010-04-17 18:15:12 ----D---- C:\Program Files\RocketDock
2010-04-17 09:30:28 ----A---- C:\WINDOWS\ModemLog_LGE Mobile USB Modem.txt