Hi
Here are he contents of files gmerrk.txt and gmerautos.txt:
GMER 1.0.14.14205 -
http://www.gmer.netRootkit scan 2008-04-15 19:07:25
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT 86CA80D8 ZwAlertResumeThread
SSDT 86EA2608 ZwAlertThread
SSDT 86CE56F8 ZwAllocateVirtualMemory
SSDT 86AFCE48 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEDF84EB0]
SSDT 86CB52A0 ZwCreateMutant
SSDT 863960B0 ZwCreateThread
SSDT 86CBE5C8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEDF85130]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEDF85690]
SSDT 86DBA7A0 ZwFreeVirtualMemory
SSDT 86CB1100 ZwImpersonateAnonymousToken
SSDT 86CAA0E8 ZwImpersonateThread
SSDT 86A22640 ZwMapViewOfSection
SSDT 86CB3D68 ZwOpenEvent
SSDT 86EA2298 ZwOpenProcessToken
SSDT 86CB6D90 ZwOpenSection
SSDT 86E01270 ZwOpenThreadToken
SSDT 86D0EA80 ZwResumeThread
SSDT 86E963E0 ZwSetContextThread
SSDT 86DD04A0 ZwSetInformationProcess
SSDT 86E00570 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEDF858E0]
SSDT 86CB5D48 ZwSuspendProcess
SSDT 86E6E990 ZwSuspendThread
SSDT 86E709E8 ZwTerminateProcess
SSDT 86E6E9C8 ZwTerminateThread
SSDT 86E95110 ZwUnmapViewOfSection
SSDT 86D12440 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[124] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[124] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[124] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[124] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 016E200E
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 016E1DAF
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 016E1CF2
.text C:\WINDOWS\system32\spoolsv.exe[316] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 016E191B
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00BC200E
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BC1DAF
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BC1CF2
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00BC191B
.text C:\WINDOWS\system32\MsPMSPSv.exe[644] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\MsPMSPSv.exe[644] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\MsPMSPSv.exe[644] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\MsPMSPSv.exe[644] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ntvdm.exe[768] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0299200E
.text C:\WINDOWS\system32\ntvdm.exe[768] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 02991DAF
.text C:\WINDOWS\system32\ntvdm.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 02991CF2
.text C:\WINDOWS\system32\ntvdm.exe[768] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0299191B
.text C:\WINDOWS\system32\csrss.exe[848] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[848] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[848] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[848] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1220] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1220] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1220] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\CTsvcCDA.EXE[1220] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe[1484] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0125200E
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe[1484] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01251DAF
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe[1484] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01251CF2
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe[1484] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0125191B
.text C:\Documents and Settings\JOHN\Desktop\gmer\gmer.exe[1612] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D6200E
.text C:\Documents and Settings\JOHN\Desktop\gmer\gmer.exe[1612] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D61DAF
.text C:\Documents and Settings\JOHN\Desktop\gmer\gmer.exe[1612] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D61CF2
.text C:\Documents and Settings\JOHN\Desktop\gmer\gmer.exe[1612] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D6191B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0142200E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01421DAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01421CF2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0142191B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] kernel32.dll!VirtualProtect + 1C 7C801AEC 7 Bytes JMP 053F0034
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1712 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1693 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A16D7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A161F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A1659 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A174D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 053F00B8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1684] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 053F013F
.text C:\WINDOWS\Explorer.EXE[1972] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D1200E
.text C:\WINDOWS\Explorer.EXE[1972] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D11DAF
.text C:\WINDOWS\Explorer.EXE[1972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D11CF2
.text C:\WINDOWS\Explorer.EXE[1972] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D1191B
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2036] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2036] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2036] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2036] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[2112] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00F8200E
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[2112] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F81DAF
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[2112] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F81CF2
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[2112] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00F8191B
.text C:\WINDOWS\system32\Rundll32.exe[2120] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\Rundll32.exe[2120] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\Rundll32.exe[2120] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\Rundll32.exe[2120] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2224] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2224] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2224] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2224] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2284] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2284] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2284] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe[2316] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 023A200E
.text C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe[2316] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 023A1DAF
.text C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe[2316] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 023A1CF2
.text C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe[2316] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 023A191B
.text C:\Program Files\Lexmark 6300 Series\lxcdmon.exe[2360] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00AF200E
.text C:\Program Files\Lexmark 6300 Series\lxcdmon.exe[2360] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00AF1DAF
.text C:\Program Files\Lexmark 6300 Series\lxcdmon.exe[2360] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00AF1CF2
.text C:\Program Files\Lexmark 6300 Series\lxcdmon.exe[2360] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00AF191B
.text C:\Program Files\Lexmark 6300 Series\ezprint.exe[2380] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0125200E
.text C:\Program Files\Lexmark 6300 Series\ezprint.exe[2380] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01251DAF
.text C:\Program Files\Lexmark 6300 Series\ezprint.exe[2380] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01251CF2
.text C:\Program Files\Lexmark 6300 Series\ezprint.exe[2380] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0125191B
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2408] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2408] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2408] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2408] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2424] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 014A200E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2424] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 014A1DAF
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2424] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 014A1CF2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2424] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 014A191B
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2428] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2428] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2428] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2428] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00C8200E
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2460] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C81DAF
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2460] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C81CF2
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2460] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C8191B
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe[2496] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 016B200E
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe[2496] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 016B1DAF
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe[2496] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 016B1CF2
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe[2496] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 016B191B
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe[2612] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019F200E
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe[2612] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019F1DAF
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe[2612] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 019F1CF2
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe[2612] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 019F191B
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2628] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A9200E
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2628] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A91DAF
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A91CF2
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[2628] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A9191B
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 09CB200E
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 09CB1DAF
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 09CB1CF2
.text C:\Program Files\iTunes\iTunesHelper.exe[2648] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 09CB191B
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2772] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00CC200E
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2772] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CC1DAF
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2772] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CC1CF2
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2772] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00CC191B
.text C:\Program Files\DellSupport\DSAgnt.exe[3164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01C7200E
.text C:\Program Files\DellSupport\DSAgnt.exe[3164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01C71DAF
.text C:\Program Files\DellSupport\DSAgnt.exe[3164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01C71CF2
.text C:\Program Files\DellSupport\DSAgnt.exe[3164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01C7191B
.text C:\WINDOWS\system32\ctfmon.exe[3176] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A3200E
.text C:\WINDOWS\system32\ctfmon.exe[3176] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A31DAF
.text C:\WINDOWS\system32\ctfmon.exe[3176] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A31CF2
.text C:\WINDOWS\system32\ctfmon.exe[3176] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A3191B
.text C:\Program Files\iPod\bin\iPodService.exe[3416] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\iPod\bin\iPodService.exe[3416] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\iPod\bin\iPodService.exe[3416] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\iPod\bin\iPodService.exe[3416] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Digital Line Detect\DLG.exe[3432] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0112200E
.text C:\Program Files\Digital Line Detect\DLG.exe[3432] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01121DAF
.text C:\Program Files\Digital Line Detect\DLG.exe[3432] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01121CF2
.text C:\Program Files\Digital Line Detect\DLG.exe[3432] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0112191B
.text C:\WINDOWS\system32\lxcdcoms.exe[3508] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\lxcdcoms.exe[3508] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\lxcdcoms.exe[3508] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\lxcdcoms.exe[3508] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3516] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3516] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3516] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3516] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Outlook Express\msimn.exe[3692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01E6200E
.text C:\Program Files\Outlook Express\msimn.exe[3692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01E61DAF
.text C:\Program Files\Outlook Express\msimn.exe[3692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01E61CF2
.text C:\Program Files\Outlook Express\msimn.exe[3692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01E6191B
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe[3756] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0136200E
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe[3756] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01361DAF
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01361CF2
.text C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe[3756] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0136191B
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3852] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0532200E
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3852] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 05321DAF
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3852] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 05321CF2
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3852] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0532191B
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[3920] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01C1200E
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[3920] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01C11DAF
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[3920] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01C11CF2
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[3920] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01C1191B
.text C:\windows\system32\wncczo.exe[3924] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 026C200E
.text C:\windows\system32\wncczo.exe[3924] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 026C1DAF
.text C:\windows\system32\wncczo.exe[3924] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 026C1CF2
.text C:\windows\system32\wncczo.exe[3924] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 026C191B
---- Devices - GMER 1.0.14 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B99DFC8A
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.14 ----
Process C:\windows\system32\wncczo.exe (*** hidden *** ) 3924
Library C:\windows\system32\wncczo.exe (*** hidden *** ) @ C:\windows\system32\wncczo.exe [3924] 0x00400000
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{22BEFFED-C299-5F0D-47CB-0806E72A02EC}\InprocServer32@ C:\PROGRA~1\NETMEE~1\rrcm.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{22BEFFED-C299-5F0D-47CB-0806E72A02EC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{22BEFFED-C299-5F0D-47CB-0806E72A02EC}\ProgID@ RTP.RTP.1
Reg HKLM\SOFTWARE\Classes\CLSID\{22BEFFED-C299-5F0D-47CB-0806E72A02EC}\VersionIndependentProgID@ RTP.RTP
Reg HKLM\SOFTWARE\Classes\CLSID\{44A5F587-110C-7775-09E1-150D080F26AE}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{44A5F587-110C-7775-09E1-150D080F26AE}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\InprocServer32@ C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\MiscStatus\1@ 132497
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\ProgID@ YBIOCtrl.CompanionBHO.4
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\TypeLib@ {EF99BD24-C1FB-11D2-892F-0090271D4F88}
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\Version@ 5.3.16.0
Reg HKLM\SOFTWARE\Classes\CLSID\{88AC8A2F-D879-79AA-5D8F-F9A1A820F6A9}\VersionIndependentProgID@ YBIOCtrl.CompanionBHO
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\2
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\2@ Picture
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\AuxUserType\3@ Microsoft Word
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readable\Main@ MSWordDoc,MSDraw,Word.Picture.6,1
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Conversion\Readwritable\Main@ MSWordDoc
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\DefaultFile
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\DefaultFile@ MSWordDoc
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\0
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\0@ Embed_Source,1,8,1
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\1@ 1,1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\2
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\2@ 3,1,32,3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\3@ HTML Format,1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\4
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DataFormats\GetSet\4@ Rich Text Format,1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\DefaultIcon@ C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe,1
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\LocalServer32@ c:\PROGRA~1\MICROS~4\OFFICE10\WINWORD.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\OfficeCompliant@
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\ProgID@ Word.Picture.8
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\TypeLib@ {00020905-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\verb\1@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\Version@ 9
Reg HKLM\SOFTWARE\Classes\CLSID\{A1798DD0-8097-501F-CE20-24EF135417BD}\VersionIndependentProgID@ Word.Picture
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\Verb\1@ &Open,0,2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@wncczo c:\windows\system32\wncczo.exe wncczo
---- Files - GMER 1.0.14 ----
File C:\WINDOWS\Prefetch\WNCCZO.EXE-2AF0F157.pf 73900 bytes
File C:\WINDOWS\system32\wncczo.dat 8212 bytes
File C:\WINDOWS\system32\wncczo.exe 290816 bytes
File C:\WINDOWS\system32\wncczo_nav.dat 411487 bytes
File C:\WINDOWS\system32\wncczo_navps.dat 4107 bytes
---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14205 -
http://www.gmer.netAutostart scan 2008-04-15 19:11:20
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
Automatic LiveUpdate Scheduler@ = "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
ccEvtMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
ccSetMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.EXE
Fax@ = %systemroot%\system32\fxssvc.exe
LiveUpdate Notice@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
SMART Board Service@ = "C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe"
sprtsvc_dellsupportcenter@ = C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter /*file not found*/
WMDM PMSP Service@ = C:\WINDOWS\system32\MsPMSPSv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIPTA"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@CTSysVolC:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r /*file not found*/
@P17HelperRundll32 P17.dll,P17Helper = Rundll32 P17.dll,P17Helper
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@DVDLauncher"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
@ISUSPM StartupC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@FaxCenterServer"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s = "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
@Motive SmartBridgeC:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe = C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
@lxcdmon.exe"C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" = "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
@EzPrint"C:\Program Files\Lexmark 6300 Series\ezprint.exe" = "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@NapsterShellC:\Program Files\Napster\napster.exe /systray /*file not found*/ = C:\Program Files\Napster\napster.exe /systray /*file not found*/
@LXCDCATSrundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16 = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
@Adobe Photo Downloader"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@dscactivate"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@osCheck"C:\Program Files\Norton 360\osCheck.exe" = "C:\Program Files\Norton 360\osCheck.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@DellSupport"C:\Program Files\DellSupport\DSAgnt.exe" /startup = "C:\Program Files\DellSupport\DSAgnt.exe" /startup
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/ = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/
@DellSupportCenter"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
@wncczoc:\windows\system32\wncczo.exe wncczo = c:\windows\system32\wncczo.exe wncczo
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} /*Thumbnails*/C:\WINDOWS\SYSTEM32\THUMBVW.DLL = C:\WINDOWS\SYSTEM32\THUMBVW.DLL
@{8DE56A0D-E58B-41FE-9F80-3563CDCB2C22} /*Default Image Extrator for Properties*/C:\WINDOWS\SYSTEM32\THUMBVW.DLL = C:\WINDOWS\SYSTEM32\THUMBVW.DLL
@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{8f7261d0-d2b9-11d2-9909-00605205b24c} /*CuteFTP Shell Extension*/C:\PROGRA~1\GLOBAL~1\CUTEFTP\CUTESH~1.DLL /*file not found*/ = C:\PROGRA~1\GLOBAL~1\CUTEFTP\CUTESH~1.DLL /*file not found*/
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{A40526DD-F152-4C1D-844C-CE668D29B77E} /*Shell extension for NTP*/C:\PROGRA~1\NORTON~2\tpShell.dll = C:\PROGRA~1\NORTON~2\tpShell.dll
@{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} /*Shell extension for Norton backup*/C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BUContextMenu@{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
TPContextMenu@{A40526DD-F152-4C1D-844C-CE668D29B77E} = C:\PROGRA~1\NORTON~2\tpShell.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BUContextMenu@{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} = C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
TPContextMenu@{A40526DD-F152-4C1D-844C-CE668D29B77E} = C:\PROGRA~1\NORTON~2\tpShell.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
@{67BCF957-85FC-4036-8DC4-D4D80E00A77B}C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll = C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
@{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll = C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar1.dll = c:\program files\google\googletoolbar1.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://uk.yahoo.com =
http://uk.yahoo.com@Start
Pagehttp://uk.yahoo.com =
http://uk.yahoo.com@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start
Pagehttp://www.google.co.uk/ =
http://www.google.co.uk/@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\SYSTEM32\msdxm.ocx
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
C:\Documents and Settings\JOHN\Start Menu\Programs\Startup = RSPCA_Cyberpet2368320353.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
broadband medic.lnk = broadband medic.lnk
Digital Line Detect.lnk = Digital Line Detect.lnk
Microsoft Office.lnk = Microsoft Office.lnk
SMART Board Tools.lnk = SMART Board Tools.lnk
---- EOF - GMER 1.0.14 ----