Hello
The file you asked me for is not in there,in fact the hole folder is non existent.
Here are the logs
CF-RC:(combo fix)
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Rootkit:
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2008-10-11 22:23:51
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0xAF444C90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0xAF4450C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0xAF444580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0xAF4465D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateKey [0xAF447170]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0xAF444440]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0xAF4451F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0xAF442FD0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateSection [0xAF442BD0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateThread [0xAF443580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDebugActiveProcess [0xAF443E10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDeleteFile [0xAF446C30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDeleteKey [0xAF446050]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDeleteValueKey [0xAF4479E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwEnumerateKey [0xAF4465B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwEnumerateValueKey [0xAF4465C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwLoadDriver [0xAF444B00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwLoadKey [0xAF447D50]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0xAF446990]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenKey [0xAF446200]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenProcess [0xAF4432E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenSection [0xAF442E00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenThread [0xAF443960]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0xAF444E00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueryKey [0xAF446590]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueryValueKey [0xAF4465A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwReplaceKey [0xAF446210]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0xAF4447D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRestoreKey [0xAF4463D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwResumeThread [0xAF4441C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSaveKey [0xAF446580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSetContextThread [0xAF443CC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSetInformationFile [0xAF446E90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSetValueKey [0xAF4474D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwShutdownSystem [0xAF444A40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendProcess [0xAF444300]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendThread [0xAF444060]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSystemDebugControl [0xAF443F40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateProcess [0xAF443430]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateThread [0xAF443B50]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0xAF444F60]
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C42 805044CE 2 Bytes [ 44, AF ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504508 12 Bytes [ 40, 44, 44, AF, F0, 51, 44, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBE 8050454A 6 Bytes [ 44, AF, 50, 60, 44, AF ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [ 00, 43, 44, AF, 60, 40, 44, ... ]
? C:\WINDOWS\system32\drivers\OAnet.sys Access is denied.
? C:\WINDOWS\system32\drivers\OAmon.sys Access is denied.
? C:\WINDOWS\system32\drivers\OADriver.sys Access is denied.
? C:\WINDOWS\TEMP\mc22.tmp The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[268] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[268] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[268] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Kontiki\KService.exe[356] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\svchost.exe[560] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\slserv.exe[648] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\notepad.exe[900] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\notepad.exe[900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\notepad.exe[900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\notepad.exe[900] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\notepad.exe[900] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\notepad.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\notepad.exe[1032] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\notepad.exe[1032] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\notepad.exe[1032] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\notepad.exe[1032] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1932] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1948] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1988] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1988] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2248] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2248] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\mHotkey.exe[2272] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\mHotkey.exe[2272] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\mHotkey.exe[2272] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\mHotkey.exe[2272] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\mHotkey.exe[2272] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\vali\Desktop\gmer.exe[2444] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\vali\Desktop\gmer.exe[2444] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\vali\Desktop\gmer.exe[2444] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\vali\Desktop\gmer.exe[2444] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Documents and Settings\vali\Desktop\gmer.exe[2444] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2496] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2496] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2496] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2496] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[2496] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2500] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2500] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2500] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2560] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2560] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2560] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2560] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2612] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2612] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2612] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2612] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2612] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2672] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2672] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[2676] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Kontiki\KHost.exe[2716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kontiki\KHost.exe[2716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Kontiki\KHost.exe[2716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Kontiki\KHost.exe[2716] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Kontiki\KHost.exe[2716] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\explorer.exe[2768] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\explorer.exe[2768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\explorer.exe[2768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[2768] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\explorer.exe[2768] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text D:\Programs\Online Armor\oaui.exe[2876] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3096] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3096] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3096] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3096] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[3096] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3272] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[3272] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3272] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[3272] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\ctfmon.exe[3272] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wlan\IPN2220\wlan_ui.exe[3656] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Wlan\IPN2220\wlan_ui.exe[3656] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wlan\IPN2220\wlan_ui.exe[3656] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Wlan\IPN2220\wlan_ui.exe[3656] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Wlan\IPN2220\wlan_ui.exe[3656] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\MagicDisc\MagicDisc.exe[3828] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[3828] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[3828] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[3828] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\MagicDisc\MagicDisc.exe[3828] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3880] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3880] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3880] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3880] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3880] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6A7D410] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6A7D470] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6A7D720] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A7D760] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6A7D720] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6A7D470] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6A7D410] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B6A7D410] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B6A7D470] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A7D760] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B6A7D720] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B6A7D470] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [B6A7D720] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [B6A7D410] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A7D760] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B6A7D720] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A7D760] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B6A7D410] \??\C:\WINDOWS\system32\drivers\OAnet.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6A7D470] \??\C:\WINDOWS\system32\drivers\OAnet.sys
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\Tcpip \Device\Ip OAmon.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp OAmon.sys
Device \Driver\Tcpip \Device\Udp OAmon.sys
Device \Driver\Tcpip \Device\RawIp OAmon.sys
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- EOF - GMER 1.0.14 ----
Aotoskan:
GMER 1.0.14.14536 -
http://www.gmer.netAutostart scan 2008-10-11 22:24:54
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
btwdins@ = C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
ekrn@ = "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
KService@ = "C:\Program Files\Kontiki\KService.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SLService@ = slserv.exe
SvcOnlineArmor@ = "D:\Programs\Online Armor\oasrv.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@PtiuPbmdRundll32.exe ptipbm.dll,SetWriteBack = Rundll32.exe ptipbm.dll,SetWriteBack
@High Definition Audio Property Page ShortcutHDAudPropShortcut.exe = HDAudPropShortcut.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@AlcWzrdALCWZRD.EXE = ALCWZRD.EXE
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@CHotkeymHotkey.exe = mHotkey.exe
@SynTPLprC:\Program Files\Synaptics\SynTP\SynTPLpr.exe = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@egui"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
@PWRISOVM.EXEC:\Program Files\PowerISO\PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE
@GrooveMonitor"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
@4oD"C:\Program Files\Kontiki\KHost.exe" -all = "C:\Program Files\Kontiki\KHost.exe" -all
@OnlineArmor GUI"D:\Programs\Online Armor\oaui.exe" = "D:\Programs\Online Armor\oaui.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@kdxC:\Program Files\Kontiki\KHost.exe -all /*file not found*/ = C:\Program Files\Kontiki\KHost.exe -all /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{4F07DA45-8170-4859-9B5F-037EF2970034}D:\Programs\ONLINE~1\oaevent.dll = D:\Programs\ONLINE~1\oaevent.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} /*IZArc DragDrop Menu*/(null) =
@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} /*IZArc Shell Context Menu*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/D:\Programs\rpshell.dll = D:\Programs\rpshell.dll
@{4F07DA46-8170-4859-9B5F-037EF2970034} /*Online Armor Shell Extension*/D:\Programs\ONLINE~1\oaevent.dll = D:\Programs\ONLINE~1\oaevent.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = D:\Programs\ONLINE~1\oaevent.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Eset Smart Security - Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
OnlineArmorShell@{4F07DA46-8170-4859-9B5F-037EF2970034} = D:\Programs\ONLINE~1\oaevent.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar1.dll = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 =
http://go.microsoft.com/fwlink/?LinkId=69157@Start
Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 =
http://go.microsoft.com/fwlink/?LinkId=69157@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start
Pagehttp://www.lolaevents.co.uk/ =
http://www.lolaevents.co.uk/@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Documents and Settings\vali\Start Menu\Programs\Startup = MagicDisc.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
WLAN Configuration Utility.lnk = WLAN Configuration Utility.lnk
BTTray.lnk = BTTray.lnk
---- EOF - GMER 1.0.14 ----
Thanks