
Virtumond/torpig


This topic is locked
13 replies to this topic

#1 bojigga


Posted 08 February 2008 - 01:05 PM

Hello HJT Team/Mods,

My Dell PC seems to be infected with the Virtumond virus. I've run Spybot, Ad-Aware and spyblaster in safe/regular modes but this bugger keeps re-installing. If someone could lend me a hand I would be most appreciative. Below is my HJT file. Thanx



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:36 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\BORIS~1.LET\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8094d390] rundll32.exe "C:\WINDOWS\system32\nlaimcby.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168804505388
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax5217.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL ACS - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxLiveShare9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SCardSvr - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9077 bytes
ASCII a stupid question get a stupid ANSI
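The HijackThis log above is what the helpers in this thread read by eye. The Python below is an added example, not code from the thread or from HijackThis itself: it parses the `O`-prefixed entry lines and flags the patterns the replies later act on, namely a Run value with a random-looking hex name that loads a DLL through rundll32 (the `[8094d390]` line), an `AppInit_DLLs` entry, a toolbar CLSID whose file is gone, and O23 services whose image file is missing or whose path carries two drive roots (the `wscsvc` line). The excerpt is trimmed from the posted log; the regexes, severity labels and reason strings are my own assumptions, and the output narrows what a responder should look at first rather than deciding what is malicious.

```python
import re

# Constructed excerpt of the HijackThis log at the top of this thread; the
# Symantec, Google, ctfmon and HP lines are kept so the filter has entries to pass.
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [8094d390] rundll32.exe "C:\WINDOWS\system32\nlaimcby.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")          # "O4 - ...", "R1 - ..."
VALUE_NAME_RE = re.compile(r"\[([^\]]+)\]")             # the [name] of a Run value
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)        # e.g. 8094d390
DOUBLE_DRIVE_RE = re.compile(r"[A-Za-z]:\\.*[A-Za-z]:\\")  # C:\WINDOWS\C:\WINDOWS\...

# Reason strings double as stable keys for callers and tests (my own wording).
RUNDLL_RANDOM = "Run value with random-looking hex name loads a DLL through rundll32"
RUNDLL_REVIEW = "Run value loads a DLL through rundll32"
TOOLBAR_ORPHAN = "toolbar CLSID registered but its file is absent"
APPINIT = "AppInit_DLLs entry; the DLL is loaded into every process that maps user32.dll"
SERVICE_MISSING = "service image path points to a missing file"
SERVICE_MALFORMED = "service image path contains two drive roots"


def parse_hjt(text):
    """Split a HijackThis log into (section, body, raw line); header lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def triage(text):
    """Return findings as dicts with section, severity, reason, detail and the raw line."""
    findings = []

    def add(section, severity, reason, detail, line):
        findings.append({"section": section, "severity": severity,
                         "reason": reason, "detail": detail, "line": line})

    for section, body, line in parse_hjt(text):
        if section == "O4":
            dll = RUNDLL_RE.search(body)
            if not dll:
                continue                       # plain EXE autostarts are not scored here
            name = VALUE_NAME_RE.search(body)
            if name and HEX_NAME_RE.match(name.group(1)):
                add(section, "high", RUNDLL_RANDOM, dll.group(1), line)
            else:
                add(section, "review", RUNDLL_REVIEW, dll.group(1), line)
        elif section == "O3" and body.endswith("(no file)"):
            add(section, "low", TOOLBAR_ORPHAN, body, line)
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            add(section, "review", APPINIT, body.split(":", 1)[1].strip(), line)
        elif section == "O23":
            path = body.rsplit(" - ", 1)[-1]   # the last " - " field is the image path
            if path.endswith("(file missing)"):
                add(section, "low", SERVICE_MISSING, path, line)
            if DOUBLE_DRIVE_RE.search(path):
                add(section, "review", SERVICE_MALFORMED, path, line)
    return findings


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "low": 2}
    for f in sorted(triage(HJT_LOG), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}\n         {f['detail']}")
```

Run against the excerpt it reports one `high` finding (the rundll32-loaded `nlaimcby.dll`), two `review` findings (the AppInit_DLLs entry and the malformed `wscsvc` path) and three `low` ones (the orphaned toolbar and the two file-missing services); the benign Symantec, Google, ctfmon and HP lines produce nothing.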


#2 OldTimer (Malware Expert)

Posted 13 February 2008 - 01:09 PM

Hello bojigga and welcome to the BC HijackThis forum. Let's try another scanner and see what it shows us.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

Edited by OldTimer, 13 February 2008 - 01:09 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 bojigga


Posted 13 February 2008 - 08:47 PM

Thanks Oldtimer for your help. I've attached the WinPFind35.txt

Attached Files



#4 OldTimer (Malware Expert)

Posted 13 February 2008 - 10:43 PM

Hi bojigga. We have a bit of work to do so let's get started. Follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
%SystemDrive%\-2137730241
%SystemRoot%\system32\awtst.dll 
%SystemRoot%\System32\cbgjbcql.ini
%SystemRoot%\System32\drivers\retx2.sys
%SystemRoot%\System32\ggjlm.ini
%SystemRoot%\System32\ggjlm.ini2
%SystemRoot%\System32\hhkmp.ini
%SystemRoot%\System32\hhkmp.ini2
%SystemRoot%\System32\hjllm.ini
%SystemRoot%\System32\hjllm.ini2
%SystemRoot%\System32\ihhkj.ini
%SystemRoot%\System32\ihhkj.ini2
%SystemRoot%\system32\jkhhi.dll
%SystemRoot%\system32\jkhhi.dll 
%SystemRoot%\System32\kdfapi.dll
%SystemRoot%\System32\Kdfhok.dll
%SystemRoot%\System32\kdfinj.dll
%SystemRoot%\System32\kdfmgr.exe
%SystemRoot%\System32\kdfvmgr.exe
%SystemRoot%\System32\kjjlm.ini
%SystemRoot%\System32\kjjlm.ini2
%SystemRoot%\System32\lewrowek.dll
%SystemRoot%\System32\ljjheee.dll
%SystemRoot%\System32\mlcimltu.ini
%SystemRoot%\system32\mljgg.dll 
%SystemRoot%\system32\mljjk.dll 
%SystemRoot%\system32\mlljh.dll 
%SystemRoot%\System32\moaoqibp.ini
%SystemRoot%\System32\ntfsdrct.h
%SystemRoot%\System32\ofdrrxyi.ini
%SystemRoot%\System32\oitogxrl.ini
%SystemRoot%\System32\otbobkqe.ini
%SystemRoot%\System32\pndecwks.ini
%SystemRoot%\System32\qqstv.ini
%SystemRoot%\System32\qqstv.ini2
%SystemRoot%\System32\rglsadvq.dll
%SystemRoot%\System32\rmurjgjg.dll
%SystemRoot%\System32\soejoyvl.ini
%SystemRoot%\System32\stvwa.ini
%SystemRoot%\System32\stvwa.ini2
%SystemRoot%\System32\swjvvmdw.ini
%SystemRoot%\System32\tstwa.ini
%SystemRoot%\System32\tstwa.ini2
%SystemRoot%\System32\tttss.ini2
%SystemRoot%\system32\vtsqq.dll 
%SystemRoot%\System32\wgalfxhv.ini
%SystemRoot%\System32\ybcmialn.ini
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
Folders to delete:
%SystemRoot%\kdefense
%SystemRoot%\l2schemas
%SystemRoot%\LocalSSL

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0C26DB84-6A45-45F2-AB3C-9751F96D12C0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mljgg.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {6F707B91-EEF7-4646-B9DD-1CC5FC24111C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtst.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {8F9AB39B-8F96-4028-B580-3F1E01791035} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mljjk.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {DFAE7CE0-AB2E-4FE5-A14E-402E0EE3F0E6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vtsqq.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {EFFF1FF2-81F5-4BCC-B12B-041C34A49BE6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhhi.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {F98A91C5-1614-4B8C-B84F-714498FDD48A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlljh.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YY -> {9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab[Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\jkhhi.dll -> %SystemRoot%\system32\jkhhi.dll
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\BORIS~1.LET\LOCALS~1\Temp\win712.exe -> C:\DOCUME~1\BORIS~1.LET\LOCALS~1\Temp\win712.exe [C:\DOCUME~1\BORIS~1.LET\LOCALS~1\Temp\win712.exe:*:Enabled:win712]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winver.exe -> C:\WINDOWS\system32\winver.exe [C:\WINDOWS\system32\winver.exe:*:Enabled:winver]
[Files/Folders - Created Within 30 days]
NY -> -2137730241 -> %SystemDrive%\-2137730241
NY -> retx2.sys -> %SystemRoot%\System32\drivers\retx2.sys
NY -> cbgjbcql.ini -> %SystemRoot%\System32\cbgjbcql.ini
NY -> ggjlm.ini -> %SystemRoot%\System32\ggjlm.ini
NY -> ggjlm.ini2 -> %SystemRoot%\System32\ggjlm.ini2
NY -> hhkmp.ini -> %SystemRoot%\System32\hhkmp.ini
NY -> hhkmp.ini2 -> %SystemRoot%\System32\hhkmp.ini2
NY -> hjllm.ini -> %SystemRoot%\System32\hjllm.ini
NY -> hjllm.ini2 -> %SystemRoot%\System32\hjllm.ini2
NY -> ihhkj.ini -> %SystemRoot%\System32\ihhkj.ini
NY -> ihhkj.ini2 -> %SystemRoot%\System32\ihhkj.ini2
NY -> jkhhi.dll -> %SystemRoot%\System32\jkhhi.dll
NY -> kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll
NY -> Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll
NY -> kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll
NY -> kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe
NY -> kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe
NY -> kjjlm.ini -> %SystemRoot%\System32\kjjlm.ini
NY -> kjjlm.ini2 -> %SystemRoot%\System32\kjjlm.ini2
NY -> lewrowek.dll -> %SystemRoot%\System32\lewrowek.dll
NY -> ljjheee.dll -> %SystemRoot%\System32\ljjheee.dll
NY -> mlcimltu.ini -> %SystemRoot%\System32\mlcimltu.ini
NY -> moaoqibp.ini -> %SystemRoot%\System32\moaoqibp.ini
NY -> ntfsdrct.h -> %SystemRoot%\System32\ntfsdrct.h
NY -> ofdrrxyi.ini -> %SystemRoot%\System32\ofdrrxyi.ini
NY -> oitogxrl.ini -> %SystemRoot%\System32\oitogxrl.ini
NY -> otbobkqe.ini -> %SystemRoot%\System32\otbobkqe.ini
NY -> pndecwks.ini -> %SystemRoot%\System32\pndecwks.ini
NY -> qqstv.ini -> %SystemRoot%\System32\qqstv.ini
NY -> qqstv.ini2 -> %SystemRoot%\System32\qqstv.ini2
NY -> rglsadvq.dll -> %SystemRoot%\System32\rglsadvq.dll
NY -> rmurjgjg.dll -> %SystemRoot%\System32\rmurjgjg.dll
NY -> soejoyvl.ini -> %SystemRoot%\System32\soejoyvl.ini
NY -> stvwa.ini -> %SystemRoot%\System32\stvwa.ini
NY -> stvwa.ini2 -> %SystemRoot%\System32\stvwa.ini2
NY -> swjvvmdw.ini -> %SystemRoot%\System32\swjvvmdw.ini
NY -> tstwa.ini -> %SystemRoot%\System32\tstwa.ini
NY -> tstwa.ini2 -> %SystemRoot%\System32\tstwa.ini2
NY -> tttss.ini2 -> %SystemRoot%\System32\tttss.ini2
NY -> wgalfxhv.ini -> %SystemRoot%\System32\wgalfxhv.ini
NY -> ybcmialn.ini -> %SystemRoot%\System32\ybcmialn.ini
NY -> kdefense -> %SystemRoot%\kdefense
NY -> l2schemas -> %SystemRoot%\l2schemas
NY -> LocalSSL -> %SystemRoot%\LocalSSL
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> {499663EE-202C-4468-874C-198A9E0BC058} -> %AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058}
[Files/Folders - Modified Within 30 days]
NY -> -2137730241 -> %SystemDrive%\-2137730241
NY -> retx2.sys -> %SystemRoot%\System32\drivers\retx2.sys
NY -> cbgjbcql.ini -> %SystemRoot%\System32\cbgjbcql.ini
NY -> ggjlm.ini -> %SystemRoot%\System32\ggjlm.ini
NY -> ggjlm.ini2 -> %SystemRoot%\System32\ggjlm.ini2
NY -> hhkmp.ini -> %SystemRoot%\System32\hhkmp.ini
NY -> hhkmp.ini2 -> %SystemRoot%\System32\hhkmp.ini2
NY -> hjllm.ini -> %SystemRoot%\System32\hjllm.ini
NY -> hjllm.ini2 -> %SystemRoot%\System32\hjllm.ini2
NY -> ihhkj.ini -> %SystemRoot%\System32\ihhkj.ini
NY -> ihhkj.ini2 -> %SystemRoot%\System32\ihhkj.ini2
NY -> jkhhi.dll -> %SystemRoot%\System32\jkhhi.dll
NY -> kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll
NY -> Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll
NY -> kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll
NY -> kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe
NY -> kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe
NY -> kjjlm.ini -> %SystemRoot%\System32\kjjlm.ini
NY -> kjjlm.ini2 -> %SystemRoot%\System32\kjjlm.ini2
NY -> lewrowek.dll -> %SystemRoot%\System32\lewrowek.dll
NY -> ljjheee.dll -> %SystemRoot%\System32\ljjheee.dll
NY -> mlcimltu.ini -> %SystemRoot%\System32\mlcimltu.ini
NY -> moaoqibp.ini -> %SystemRoot%\System32\moaoqibp.ini
NY -> ofdrrxyi.ini -> %SystemRoot%\System32\ofdrrxyi.ini
NY -> oitogxrl.ini -> %SystemRoot%\System32\oitogxrl.ini
NY -> otbobkqe.ini -> %SystemRoot%\System32\otbobkqe.ini
NY -> pndecwks.ini -> %SystemRoot%\System32\pndecwks.ini
NY -> qqstv.ini -> %SystemRoot%\System32\qqstv.ini
NY -> qqstv.ini2 -> %SystemRoot%\System32\qqstv.ini2
NY -> rglsadvq.dll -> %SystemRoot%\System32\rglsadvq.dll
NY -> rmurjgjg.dll -> %SystemRoot%\System32\rmurjgjg.dll
NY -> soejoyvl.ini -> %SystemRoot%\System32\soejoyvl.ini
NY -> stvwa.ini -> %SystemRoot%\System32\stvwa.ini
NY -> stvwa.ini2 -> %SystemRoot%\System32\stvwa.ini2
NY -> swjvvmdw.ini -> %SystemRoot%\System32\swjvvmdw.ini
NY -> tstwa.ini -> %SystemRoot%\System32\tstwa.ini
NY -> tstwa.ini2 -> %SystemRoot%\System32\tstwa.ini2
NY -> tttss.ini2 -> %SystemRoot%\System32\tttss.ini2
NY -> wgalfxhv.ini -> %SystemRoot%\System32\wgalfxhv.ini
NY -> ybcmialn.ini -> %SystemRoot%\System32\ybcmialn.ini
NY -> kdefense -> %SystemRoot%\kdefense
NY -> l2schemas -> %SystemRoot%\l2schemas
NY -> LocalSSL -> %SystemRoot%\LocalSSL
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 177 bytes -> %AllUsersProfile%\Application Data\TEMP:D2F2F703
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#5 bojigga


Posted 14 February 2008 - 06:42 PM

HI OT,

I've been trying to download Avenger but Micro trend says it has a virus and won't let me do anything with it. Any suggestions?

#6 OldTimer (Malware Expert)

Posted 14 February 2008 - 06:49 PM

Hi bojigga. If Trend doesn't give you the option to ignore it and allow the download then just disable it for the time being and we'll re-enable it when we are done.

Cheers.

OT

#7 bojigga


Posted 15 February 2008 - 01:09 PM

Hi OT,

I really do appreciate you taking the time to help me with my problem. While running the WinPFind35U FIX the hour glass icon was present for over 90 mins. The status bar in the bottom left corner of WinPFind35U showed "fix running" but it seemed to hang for some time. I never got the finished prompt but here is what you requested.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yfenbabr

*******************

Script file located at: \??\C:\Program Files\wejwxcti.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058} deleted successfully.
File C:\-2137730241 deleted successfully.


File C:\WINDOWS\system32\awtst.dll not found!
Deletion of file C:\WINDOWS\system32\awtst.dll failed!

Could not process line:
C:\WINDOWS\system32\awtst.dll
Status: 0xc0000034

File C:\WINDOWS\System32\cbgjbcql.ini deleted successfully.
File C:\WINDOWS\System32\drivers\retx2.sys deleted successfully.
File C:\WINDOWS\System32\ggjlm.ini deleted successfully.
File C:\WINDOWS\System32\ggjlm.ini2 deleted successfully.
File C:\WINDOWS\System32\hhkmp.ini deleted successfully.
File C:\WINDOWS\System32\hhkmp.ini2 deleted successfully.
File C:\WINDOWS\System32\hjllm.ini deleted successfully.
File C:\WINDOWS\System32\hjllm.ini2 deleted successfully.
File C:\WINDOWS\System32\ihhkj.ini deleted successfully.
File C:\WINDOWS\System32\ihhkj.ini2 deleted successfully.
File C:\WINDOWS\system32\jkhhi.dll deleted successfully.


File C:\WINDOWS\system32\jkhhi.dll not found!
Deletion of file C:\WINDOWS\system32\jkhhi.dll failed!

Could not process line:
C:\WINDOWS\system32\jkhhi.dll
Status: 0xc0000034

File C:\WINDOWS\System32\kdfapi.dll deleted successfully.
File C:\WINDOWS\System32\Kdfhok.dll deleted successfully.
File C:\WINDOWS\System32\kdfinj.dll deleted successfully.
File C:\WINDOWS\System32\kdfmgr.exe deleted successfully.
File C:\WINDOWS\System32\kdfvmgr.exe deleted successfully.
File C:\WINDOWS\System32\kjjlm.ini deleted successfully.
File C:\WINDOWS\System32\kjjlm.ini2 deleted successfully.
File C:\WINDOWS\System32\lewrowek.dll deleted successfully.
File C:\WINDOWS\System32\ljjheee.dll deleted successfully.
File C:\WINDOWS\System32\mlcimltu.ini deleted successfully.


File C:\WINDOWS\system32\mljgg.dll not found!
Deletion of file C:\WINDOWS\system32\mljgg.dll failed!

Could not process line:
C:\WINDOWS\system32\mljgg.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mljjk.dll not found!
Deletion of file C:\WINDOWS\system32\mljjk.dll failed!

Could not process line:
C:\WINDOWS\system32\mljjk.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mlljh.dll not found!
Deletion of file C:\WINDOWS\system32\mlljh.dll failed!

Could not process line:
C:\WINDOWS\system32\mlljh.dll
Status: 0xc0000034

File C:\WINDOWS\System32\moaoqibp.ini deleted successfully.
File C:\WINDOWS\System32\ntfsdrct.h deleted successfully.
File C:\WINDOWS\System32\ofdrrxyi.ini deleted successfully.
File C:\WINDOWS\System32\oitogxrl.ini deleted successfully.
File C:\WINDOWS\System32\otbobkqe.ini deleted successfully.
File C:\WINDOWS\System32\pndecwks.ini deleted successfully.
File C:\WINDOWS\System32\qqstv.ini deleted successfully.
File C:\WINDOWS\System32\qqstv.ini2 deleted successfully.
File C:\WINDOWS\System32\rglsadvq.dll deleted successfully.
File C:\WINDOWS\System32\rmurjgjg.dll deleted successfully.
File C:\WINDOWS\System32\soejoyvl.ini deleted successfully.
File C:\WINDOWS\System32\stvwa.ini deleted successfully.
File C:\WINDOWS\System32\stvwa.ini2 deleted successfully.
File C:\WINDOWS\System32\swjvvmdw.ini deleted successfully.
File C:\WINDOWS\System32\tstwa.ini deleted successfully.
File C:\WINDOWS\System32\tstwa.ini2 deleted successfully.
File C:\WINDOWS\System32\tttss.ini2 deleted successfully.


File C:\WINDOWS\system32\vtsqq.dll not found!
Deletion of file C:\WINDOWS\system32\vtsqq.dll failed!

Could not process line:
C:\WINDOWS\system32\vtsqq.dll
Status: 0xc0000034

File C:\WINDOWS\System32\wgalfxhv.ini deleted successfully.
File C:\WINDOWS\System32\ybcmialn.ini deleted successfully.
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat deleted successfully.
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat deleted successfully.
Folder C:\WINDOWS\kdefense deleted successfully.
Folder C:\WINDOWS\l2schemas deleted successfully.
Folder C:\WINDOWS\LocalSSL deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

############################################

;INF file for CPBRKPIE.OCX
;DestDir can be 10 for Windows directory, 11 for Windows\System(32) directory, or left blank for the Occache directory.

[version]
signature="$CHICAGO$"
AdvancedINF=2.0
[DefaultInstall]
CopyFiles=install.files
RegisterOCXs=RegisterFiles
AddReg=AddToRegistry
[RInstallApplicationFiles]
CopyFiles=install.files
RegisterOCXs=RegisterFiles
AddReg=AddToRegistry
[DestinationDirs]
install.files=10
[SourceDisksNames]
1=%DiskName%,cpbrkpie.cab,1

[Add.Code]
cpbrkpie.ocx=cpbrkpie.ocx
[install.files]
cpbrkpie.ocx=cpbrkpie.ocx
[SourceDisksFiles]
cpbrkpie.ocx=1

[cpbrkpie.ocx]
file-win32-x86=thiscab
RegisterServer=yes
clsid={9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DestDir=10
FileVersion=3,3,0,2

[Setup Hooks]
AddToRegHook=AddToRegHook

[AddToRegHook]
InfSection=DefaultInstall2

[DefaultInstall2]
AddReg=AddToRegistry

[AddToRegistry]
HKLM,"SOFTWARE\Classes\CLSID\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
HKLM,"SOFTWARE\Classes\CLSID\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
HKCR,"Licenses",,,"Licensing: Copying the keys may be a violation of established copyrights."
[RegisterFiles]
%10%\cpbrkpie.ocx

######################################


WinPFind35 logfile created on: 2/15/2008 11:41:12 AM
WinPFind35U Version Beta51	 Folder = C:\HJT\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.07 Mb Total Physical Memory | 465.93 Mb Available Physical Memory | 45.59% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 60.85 Gb Free Space | 42.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LETYBO
Current User Name: Boris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 9:56:14 PM | Attr =	]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> Linksys [Ver = 1.0.1.8 | Size = 5238272 bytes | Modified Date = 11/16/2005 4:49:44 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr =	]
tscfcommander.exe -> %ProgramFiles%\Trend Micro\TrendSecure\TSCFCommander.exe -> Trend Micro Inc. [Ver = 1.0.0.1205 | Size = 542032 bytes | Modified Date = 9/11/2007 11:55:00 AM | Attr =	]
tscfplatformcomsvr.exe -> %ProgramFiles%\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe -> Trend Micro Inc. [Ver = 1.0.0.1205 | Size = 152912 bytes | Modified Date = 9/11/2007 11:55:03 AM | Attr =	]
hschkproxyexe.exe -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\dependent\HSChkProxyExe.exe -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 144720 bytes | Modified Date = 9/16/2007 8:21:22 AM | Attr =	]
winpfind35u.exe -> %SystemDrive%\HJT\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL ACS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 10:07:32 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 2:02:58 AM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(ehRecvr) Media Center Receiver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\eHome\ehRecvr.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 12/22/2007 8:50:49 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr =	]
(MDM) Machine Debug Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> File not found
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
(RoxLiveShare9) RoxLiveShare9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found
(SCardSvr) SCardSvr [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> File not found
(SfCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 693512 bytes | Modified Date = 1/21/2008 12:16:34 PM | Attr =	]
(TMBMServer) Trend Micro Unauthorized Change Prevention Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr =	]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.1.0.1004 | Size = 480520 bytes | Modified Date = 12/16/2007 7:47:28 PM | Attr =	]
(tmproxy) Trend Micro Proxy Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.0.0.1138 | Size = 648456 bytes | Modified Date = 9/18/2007 2:31:24 AM | Attr =	]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 9:56:14 PM | Attr =	]
(wscsvc) wscsvc [Win32_Own | Boot | Stopped] -> %SystemRoot%\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe -> File not found
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 3:07:38 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 7/13/2007 11:25:35 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 8/4/2005 2:10:18 AM | Attr =	]
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 4/7/2005 4:18:34 PM | Attr =	]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 5:18:38 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr =	]
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 502272 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 439680 bytes | Modified Date = 11/8/2005 8:15:00 PM | Attr =	]
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0463-1.56.0930 | Size = 340704 bytes | Modified Date = 7/13/2005 5:18:00 PM | Attr =	]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 7168 bytes | Modified Date = 11/8/2005 8:15:00 PM | Attr =	]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 143360 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 10:16:52 AM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 10:16:16 AM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 1:30:00 AM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 3:20:00 AM | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr =   S]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 6/13/2005 12:58:04 PM | Attr =	]
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 77824 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(ha20x2k) Creative 20X HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha20x2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1145-2.07.0630 | Size = 1096704 bytes | Modified Date = 4/24/2006 1:12:52 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 10/21/2005 6:58:52 PM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 10/21/2005 6:58:58 PM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 10/21/2005 6:52:48 PM | Attr =	]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 7:59:20 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 7:56:26 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 6:20:08 PM | Attr = R  ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 4:48:08 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 11/22/2004 5:36:34 PM | Attr =	]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/2004 5:36:39 PM | Attr =	]
(neokdss) neokdss [Kernel | On_Demand | Running] -> system32\Drivers\neokdss.sys -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 8:29:56 PM | Attr =	]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1144-2.07.0400 | Size = 114688 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 7/26/2007 3:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr =	]
(retx2) retx2 [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\retx2.sys -> File not found
(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> System32\Drivers\RimUsb.sys -> File not found
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Modified Date = 1/18/2007 10:24:58 AM | Attr = R  ]
(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 10/27/2005 2:06:30 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr =	]
(tmactmon) tmactmon [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 5.0.0.1131 | Size = 333328 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
(tmevtmgr) tmevtmgr [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 36112 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> trend_company_name [Ver = trend_file_version built by: WinDDK | Size = 65936 bytes | Modified Date = 9/18/2007 2:31:16 AM | Attr =	]
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 203024 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr =	]
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 2:13:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 7:58:02 PM | Attr =	]
(Xen_Pci) Xen_Pci [Kernel | Auto | Stopped] ->  -> File not found
(zntport) NTPort Library Driver For Xenetech PCI Board [Kernel | Auto | Stopped] -> %SystemRoot%\System32\drivers\zntport.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 9:15:32 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 1393928 bytes | Modified Date = 1/21/2008 12:16:36 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Boris.LETYBO Startup Folder > -> C:\Documents and Settings\Boris.LETYBO\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ->  [Ver =  | Size = 111616 bytes | Modified Date = 6/20/2006 1:56:06 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> (binary data) -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 10174 domain(s) found. -> 
24 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 1:03:00 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 2:33:54 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
{C1656CCA-D2EA-4A32-94AE-AE0B180E6449} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [TSToolbarBHO] -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 103760 bytes | Modified Date = 9/16/2007 8:21:15 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 5:00:30 PM | Attr =	]
{E89EAE3F-422C-4286-AFB0-B3DFD3DF0144} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhhi.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 4:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [Transaction Protector] -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 103760 bytes | Modified Date = 9/16/2007 8:21:15 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}:Exec -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> Travelaxe, Inc. [Ver = 2, 0, 71, 0 | Size = 1712128 bytes | Modified Date = 4/30/2007 9:17:36 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [AT&T Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 2:33:54 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2418908B-D5F8-42C0-A24D-69A05EB31537} ->	(Linksys Wireless-G PCI Adapter) -> 
{9ECBFC4F-A7CF-4929-9DCA-E10E825AA413} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2a | Size = 33280 bytes | Modified Date = 8/25/2006 10:31:04 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}[HKEY_LOCAL_MACHINE] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab[Reg Error: Key does not exist or could not be opened.] -> 
{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://www.trueswitch.com/sbc/TrueInstallSBC.exe[Reg Error: Key does not exist or could not be opened.] -> 
[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/14/2008 6:39:12 PM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Created Date = 2/7/2008 5:47:52 PM | Attr =	]
Inetpub -> %SystemDrive%\Inetpub ->  [Folder | Created Date = 2/3/2008 9:45:42 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/4/2008 9:41:04 PM | Attr =	]
tmactmon.sys -> %SystemRoot%\System32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
tmevtmgr.sys -> %SystemRoot%\System32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
axctrnm.h -> %SystemRoot%\System32\axctrnm.h ->  [Ver =  | Size = 2024 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
dvjxdutb.dll -> %SystemRoot%\System32\dvjxdutb.dll ->  [Ver =  | Size = 6729 bytes | Modified Date = 2/14/2008 6:44:25 AM | Attr =	]
infoctrs.h -> %SystemRoot%\System32\infoctrs.h ->  [Ver =  | Size = 3276 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]
kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll -> Kings Information & Network [Ver = 1, 1, 6, 5 | Size = 77824 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll -> Kings Information & Network [Ver = 4, 0, 0, 5 | Size = 53248 bytes | Modified Date = 2/15/2008 10:07:21 AM | Attr =	]
kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll -> Bluegem Security [Ver = 5, 1, 3, 8 | Size = 849920 bytes | Modified Date = 2/14/2008 6:40:07 PM | Attr =	]
kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe -> Bluegem Security [Ver = 5, 1, 8, 7 | Size = 726568 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe -> 킹스정보통신 [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
qcrcpcdc.dll -> %SystemRoot%\System32\qcrcpcdc.dll ->  [Ver =  | Size = 6721 bytes | Modified Date = 2/14/2008 6:55:27 AM | Attr =	]
smtpctrs.h -> %SystemRoot%\System32\smtpctrs.h ->  [Ver =  | Size = 8002 bytes | Modified Date = 7/21/2001 2:23:04 PM | Attr =	]
sulvmnlv.dll -> %SystemRoot%\System32\sulvmnlv.dll ->  [Ver =  | Size = 6683 bytes | Modified Date = 2/14/2008 6:46:27 AM | Attr =	]
w3ctrs.h -> %SystemRoot%\System32\w3ctrs.h ->  [Ver =  | Size = 5379 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/12/2008 7:27:40 AM | Attr =  HS]
kdefense -> %SystemRoot%\kdefense ->  [Folder | Created Date = 2/14/2008 6:40:07 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/4/2008 7:07:42 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/15/2008 10:04:45 AM | Attr =  H ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2/3/2008 9:39:10 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:35:57 PM | Attr =	]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Created Date = 1/23/2008 6:48:55 PM | Attr =	]
Trend Micro -> %UserProfile%\Local Settings\Application Data\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:41:40 PM | Attr =	]
Trend Micro -> %AllUsersProfile%\Documents\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:36:58 PM | Attr =	]
{499663EE-202C-4468-874C-198A9E0BC058} -> %AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058} ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2008 10:07:18 AM | Attr =	]
Corel User Files -> %UserProfile%\My Documents\Corel User Files ->  [Folder | Created Date = 2/5/2008 9:00:52 PM | Attr =	]
OldTimersLog Feb 15th -> %UserProfile%\My Documents\OldTimersLog Feb 15th ->  [Folder | Created Date = 2/15/2008 10:16:56 AM | Attr =	]
Setup -> %UserProfile%\My Documents\Setup ->  [Folder | Created Date = 2/12/2008 9:14:57 PM | Attr =	]
Tools -> %UserProfile%\My Documents\Tools ->  [Folder | Created Date = 2/12/2008 9:15:09 PM | Attr =	]
Trend Micro Internet Security Pro.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security Pro.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/12/2008 9:36:16 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 2/14/2008 6:33:08 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/14/2008 6:32:04 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
RUNME.bat -> %UserProfile%\Desktop\RUNME.bat ->  [Ver =  | Size = 31 bytes | Modified Date = 11/18/2007 12:17:11 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/14/2008 6:39:12 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/12/2008 9:35:59 PM | Attr =  H ]
HJT -> %SystemDrive%\HJT ->  [Folder | Modified Date = 2/14/2008 6:11:43 AM | Attr =	]
Inetpub -> %SystemDrive%\Inetpub ->  [Folder | Modified Date = 2/4/2008 8:31:28 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/14/2008 6:36:18 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/9/2008 5:13:03 PM | Attr =  HS]
UNDEFINED -> %SystemDrive%\UNDEFINED ->  [Folder | Modified Date = 1/23/2008 8:05:01 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/11/2008 6:49:46 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 10:05:02 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/14/2008 7:00:17 AM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 2/4/2008 8:31:14 PM | Attr =	]
BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 55172 bytes | Modified Date = 2/14/2008 10:29:49 PM | Attr =	]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 55172 bytes | Modified Date = 2/14/2008 10:29:49 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/4/2008 8:38:57 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/15/2008 10:05:51 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/9/2008 4:59:10 PM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 1/30/2008 8:47:39 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 6:17:17 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 64980 bytes | Modified Date = 2/14/2008 10:29:49 PM | Attr =	]
dvjxdutb.dll -> %SystemRoot%\System32\dvjxdutb.dll ->  [Ver =  | Size = 6729 bytes | Modified Date = 2/14/2008 6:44:25 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 2/4/2008 8:30:10 PM | Attr =	]
kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll -> Kings Information & Network [Ver = 1, 1, 6, 5 | Size = 77824 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll -> Kings Information & Network [Ver = 4, 0, 0, 5 | Size = 53248 bytes | Modified Date = 2/15/2008 10:07:21 AM | Attr =	]
kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll -> Bluegem Security [Ver = 5, 1, 3, 8 | Size = 849920 bytes | Modified Date = 2/14/2008 6:40:07 PM | Attr =	]
kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe -> Bluegem Security [Ver = 5, 1, 8, 7 | Size = 726568 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe -> 킹스정보통신 [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf ->  [Ver =  | Size = 945 bytes | Modified Date = 2/12/2008 6:00:14 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 107292 bytes | Modified Date = 2/3/2008 9:51:00 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 528436 bytes | Modified Date = 2/3/2008 9:51:00 AM | Attr =	]
qcrcpcdc.dll -> %SystemRoot%\System32\qcrcpcdc.dll ->  [Ver =  | Size = 6721 bytes | Modified Date = 2/14/2008 6:55:27 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/9/2008 5:13:03 PM | Attr =	]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/14/2008 10:29:49 PM | Attr =	]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/14/2008 10:29:49 PM | Attr =	]
sulvmnlv.dll -> %SystemRoot%\System32\sulvmnlv.dll ->  [Ver =  | Size = 6683 bytes | Modified Date = 2/14/2008 6:46:27 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/4/2008 8:32:52 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/15/2008 10:04:32 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/12/2008 5:33:28 PM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/12/2008 9:18:44 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/15/2008 9:48:58 AM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/12/2008 7:27:40 AM | Attr =  HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/15/2008 10:18:06 AM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/3/2008 9:46:11 AM | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/12/2008 5:58:18 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/12/2008 5:59:55 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 6:17:23 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/12/2008 9:35:59 PM | Attr =  HS]
kdefense -> %SystemRoot%\kdefense ->  [Folder | Modified Date = 2/14/2008 6:40:10 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2/12/2008 6:00:45 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/8/2008 6:34:34 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/15/2008 10:18:18 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/4/2008 7:07:42 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/15/2008 10:04:45 AM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/15/2008 9:50:14 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/4/2008 8:16:52 PM | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2/4/2008 8:31:29 PM | Attr =	]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 275 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/15/2008 10:09:20 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/12/2008 9:17:06 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/15/2008 10:06:53 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 637 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1947 bytes | Modified Date = 2/12/2008 5:17:18 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/6/2008 12:56:00 PM | Attr =	]
McAfee.com Scan for Viruses - My Computer (LETYBO-Lety).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (LETYBO-Lety).job ->  [Ver =  | Size = 348 bytes | Modified Date = 2/1/2008 6:30:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/15/2008 9:49:05 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/14/2008 7:37:47 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/14/2008 7:37:47 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11114 bytes | Modified Date = 6/24/2006 2:13:01 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8422 bytes | Modified Date = 3/30/2007 6:54:42 PM | Attr =	]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\GridLayout.dat ->  [Ver =  | Size = 396332 bytes | Modified Date = 9/28/2006 8:15:06 PM | Attr =	]
pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\pa.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 9/5/2006 2:10:44 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/6/2007 9:59:01 PM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 191031 bytes | Modified Date = 12/22/2007 7:43:09 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 368640 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 446464 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
lsse.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Spyware\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.12471 | Size = 500120 bytes | Modified Date = 5/7/2007 4:38:46 PM | Attr =	]
DFFPI.DLL -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL -> F-Secure Corporation [Ver = 1.02.37 | Size = 151552 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 486912 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13100 | Size = 113664 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2/15/2008 10:18:05 AM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.50.13330.18100 | Size = 68096 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
FSHKE.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FSHKE.dll -> F-Secure Corporation [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
FSLFPI.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll -> F-Secure Corporation [Ver = 2.04.02 | Size = 237664 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
lsse.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 2/15/2008 10:17:40 AM | Attr =	]
segrules.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\segrules.dat ->  [Ver =  | Size = 707 bytes | Modified Date = 2/15/2008 10:13:44 AM | Attr =	]
ext.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 2/15/2008 10:18:02 AM | Attr =	]
fshke.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fshke.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 2/15/2008 10:18:03 AM | Attr =	]
orion.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orion.dat ->  [Ver =  | Size = 741076 bytes | Modified Date = 2/15/2008 10:15:48 AM | Attr =	]
orioneng.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orioneng.dat ->  [Ver =  | Size = 1325 bytes | Modified Date = 2/15/2008 10:15:48 AM | Attr =	]
orionfin.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orionfin.dat ->  [Ver =  | Size = 1599 bytes | Modified Date = 2/15/2008 10:15:48 AM | Attr =	]
perf.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 2/15/2008 11:40:17 AM | Attr =	]
sae.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 2/15/2008 10:18:02 AM | Attr =	]
sai.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 2/15/2008 10:18:02 AM | Attr =	]
FS@swdb.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Spyware\FS@swdb.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/15/2008 10:16:07 AM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 2/15/2008 10:18:02 AM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/15/2008 10:15:44 AM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 2/15/2008 10:18:05 AM | Attr =	]
FS@hkeng.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hkeng.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 10:18:03 AM | Attr =	]
FS@libra.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@libra.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 10:17:51 AM | Attr =	]
FS@ols3bin.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols3bin.ini ->  [Ver =  | Size = 175 bytes | Modified Date = 2/15/2008 10:18:01 AM | Attr =	]
FS@orion.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@orion.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 10:15:48 AM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 2/15/2008 10:17:40 AM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 2/15/2008 10:15:45 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink ->  [Folder | Modified Date = 1/23/2008 5:51:05 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 1/28/2008 9:09:09 PM | Attr =	]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 2/12/2008 5:59:46 PM | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2/12/2008 9:23:01 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/12/2008 5:07:42 PM | Attr =	]
@Alternate Data Stream - 177 bytes -> %AllUsersProfile%\Application Data\TEMP:D2F2F703
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:36:05 PM | Attr =	]
Roxio -> %AppData%\Roxio ->  [Folder | Modified Date = 2/2/2008 9:23:36 PM | Attr =	]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Modified Date = 1/23/2008 6:48:55 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 29184 bytes | Modified Date = 1/27/2008 9:54:11 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2696282 bytes | Modified Date = 2/9/2008 5:17:49 PM | Attr =  H ]
Trend Micro -> %UserProfile%\Local Settings\Application Data\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:41:40 PM | Attr =	]
Trend Micro -> %AllUsersProfile%\Documents\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:36:58 PM | Attr =	]
{499663EE-202C-4468-874C-198A9E0BC058} -> %AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058} ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2008 10:07:18 AM | Attr =	]
Corel User Files -> %UserProfile%\My Documents\Corel User Files ->  [Folder | Modified Date = 2/5/2008 9:24:28 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 1/17/2008 8:03:19 PM | Attr = R  ]
My PSP Files -> %UserProfile%\My Documents\My PSP Files ->  [Folder | Modified Date = 2/5/2008 7:04:15 PM | Attr =	]
OldTimersLog Feb 15th -> %UserProfile%\My Documents\OldTimersLog Feb 15th ->  [Folder | Modified Date = 2/15/2008 11:38:07 AM | Attr =	]
Setup -> %UserProfile%\My Documents\Setup ->  [Folder | Modified Date = 2/12/2008 9:15:09 PM | Attr =	]
Tools -> %UserProfile%\My Documents\Tools ->  [Folder | Modified Date = 2/12/2008 9:15:09 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 1/21/2008 5:59:19 PM | Attr =	]
Trend Micro Internet Security Pro.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security Pro.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/12/2008 9:36:16 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 2/14/2008 6:33:08 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/14/2008 6:32:04 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Modified Date = 2/3/2008 10:08:35 AM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2/12/2008 9:23:01 PM | Attr =	]

< End of report >


##################################



Scanning Report
Friday, February 15, 2008 10:18:07 - 11:35:49
Computer name: LETYBO
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
Rootkit.Win32.Agent.zf (virus)
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\QUARANTINE\RETX2.SYS (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
Windows (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 56470
System: 5878
Not scanned: 5
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1C5BCCAD-8BE4-4980-8014-3EF984E4EE9D}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\{499663EE-202C-4468-874C-198A9E0BC058}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-13
F-Secure AVP: 7.0.171, 2008-02-15
F-Secure Orion: 1.2.37, 2008-02-15
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.20.0, 2008-01-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:31 PM

Posted 15 February 2008 - 03:03 PM

Hi bojigga. Yes, WinPFind35 will hang if the infection is still active. There are still a few files left on the machine we need to remove.

Step #1

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to unload:
neokdss
retx2
wscsvc
Files to delete:
%SystemRoot%\system32\drivers\retx2.sys
%SystemRoot%\System32\dvjxdutb.dll
%SystemRoot%\system32\jkhhi.dll 
%SystemRoot%\System32\qcrcpcdc.dll
%SystemRoot%\System32\sulvmnlv.dll
%SystemRoot%\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
NY -> (wscsvc) wscsvc [Win32_Own | Boot | Stopped] -> %SystemRoot%\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe
[Driver Services - Non-Microsoft Only]
YY -> (neokdss) neokdss [Kernel | On_Demand | Running] -> system32\Drivers\neokdss.sys
NY -> (retx2) retx2 [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\retx2.sys
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {E89EAE3F-422C-4286-AFB0-B3DFD3DF0144} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhhi.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> dvjxdutb.dll -> %SystemRoot%\System32\dvjxdutb.dll
NY -> qcrcpcdc.dll -> %SystemRoot%\System32\qcrcpcdc.dll
NY -> sulvmnlv.dll -> %SystemRoot%\System32\sulvmnlv.dll
[Files/Folders - Modified Within 30 days]
NY -> dvjxdutb.dll -> %SystemRoot%\System32\dvjxdutb.dll
NY -> qcrcpcdc.dll -> %SystemRoot%\System32\qcrcpcdc.dll
NY -> sulvmnlv.dll -> %SystemRoot%\System32\sulvmnlv.dll
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
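Step #1 above leaves a report in C:\avenger.txt that records the outcome of every script line, including an NTSTATUS value for each one that failed. The following Python script is an added example, not part of this thread or of The Avenger, that parses a constructed log in that format and decodes those status codes; the driver and file names in the sample and the status names (taken from ntstatus.h) are my own, not the thread's.

```python
# Summarise a log written by The Avenger (the C:\avenger.txt from Step #1).
# Added example: the sample log is constructed in The Avenger's format with
# placeholder names, and the NTSTATUS names come from ntstatus.h.
from __future__ import annotations

import re
from dataclasses import dataclass, field

# NTSTATUS values that commonly show up when a removal script fails.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000121: "STATUS_CANNOT_DELETE",
}

# Constructed sample (placeholder names, not this thread's files).
SAMPLE_LOG = r"""
Beginning to process script file:

Driver badsys unloaded successfully.
Driver badsvc unloaded successfully.

File C:\WINDOWS\system32\drivers\badsys.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\badsys.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\badsys.sys
Status: 0xc0000034

File C:\WINDOWS\System32\abcdefgh.dll deleted successfully.

Could not open file C:\WINDOWS\SystemRoot\C:\WINDOWS\System32\svchost.exe for deletion
Deletion of file C:\WINDOWS\SystemRoot\C:\WINDOWS\System32\svchost.exe failed!

Could not process line:
C:\WINDOWS\SystemRoot\C:\WINDOWS\System32\svchost.exe
Status: 0xc0000033

Completed script processing.
"""


@dataclass
class AvengerResult:
    drivers_unloaded: list[str] = field(default_factory=list)
    deleted: list[str] = field(default_factory=list)
    failed: dict[str, int] = field(default_factory=dict)  # path -> raw NTSTATUS


def parse_avenger_log(text: str) -> AvengerResult:
    """A failure is the three-line block
    'Could not process line:' / <path> / 'Status: 0x........'."""
    result = AvengerResult()
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        m = re.fullmatch(r"Driver (\S+) unloaded successfully\.", ln)
        if m:
            result.drivers_unloaded.append(m.group(1))
            continue
        m = re.fullmatch(r"File (.+) deleted successfully\.", ln)
        if m:
            result.deleted.append(m.group(1))
            continue
        if ln == "Could not process line:" and i + 2 < len(lines):
            m = re.fullmatch(r"Status: (0x[0-9A-Fa-f]{8})", lines[i + 2])
            if m:
                result.failed[lines[i + 1]] = int(m.group(1), 16)
    return result


def has_embedded_drive(path: str) -> bool:
    """A drive designator after the first character marks a path built by
    faulty concatenation (a %SystemRoot%-relative ImagePath glued onto an
    absolute one); the kernel rejects it with STATUS_OBJECT_NAME_INVALID."""
    return re.search(r"[A-Za-z]:\\", path[1:]) is not None


def explain_failure(path: str, status: int) -> str:
    """One reviewer-friendly line for a failed script entry."""
    name = NTSTATUS.get(status, "unknown NTSTATUS")
    hint = ""
    if status == 0xC0000034:
        hint = "; already gone (e.g. quarantined by the resident AV), nothing left to delete"
    elif status == 0xC0000033 and has_embedded_drive(path):
        hint = "; path is malformed, no file can exist under that name"
    return f"{path}: {name} ({status:#010x}){hint}"


def summarize(text: str) -> list[str]:
    """One line per outcome, ready to paste into a reply."""
    r = parse_avenger_log(text)
    out = [f"unloaded driver {d}" for d in r.drivers_unloaded]
    out += [f"deleted {p}" for p in r.deleted]
    out += [explain_failure(p, s) for p, s in r.failed.items()]
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Point it at a real C:\avenger.txt by reading the file and passing its text to `summarize()`; a NAME_NOT_FOUND entry usually means another tool already moved the file, while a NAME_INVALID entry means the script line never named a real file.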

#9 bojigga

bojigga
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:12:31 PM

Posted 15 February 2008 - 05:48 PM

OK here we go OT,

WinPFind35u FIX ran without a hitch this time. Here are the logs you requested.

##############################################

Scanning Report
Friday, February 15, 2008 14:59:49 - 16:26:19
Computer name: LETYBO
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Rootkit.Win32.Agent.zf (virus)
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\QUARANTINE\RETX2.SYS (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 55856
System: 5871
Not scanned: 5
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1C5BCCAD-8BE4-4980-8014-3EF984E4EE9D}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\{499663EE-202C-4468-874C-198A9E0BC058}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-02-13
F-Secure AVP: 7.0.171, 2008-02-15
F-Secure Orion: 1.2.37, 2008-02-15
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.20.0, 2008-01-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
Use Advanced heuristics

--------------------------------------------------------------------------------


##################################


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bcaqgxbw

*******************

Script file located at: \??\C:\WINDOWS\epojmlce.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver neokdss unloaded successfully.
Driver retx2 unloaded successfully.
Driver wscsvc unloaded successfully.


File C:\WINDOWS\system32\drivers\retx2.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\retx2.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\retx2.sys
Status: 0xc0000034

File C:\WINDOWS\System32\dvjxdutb.dll deleted successfully.


File C:\WINDOWS\system32\jkhhi.dll not found!
Deletion of file C:\WINDOWS\system32\jkhhi.dll failed!

Could not process line:
C:\WINDOWS\system32\jkhhi.dll
Status: 0xc0000034

File C:\WINDOWS\System32\qcrcpcdc.dll deleted successfully.
File C:\WINDOWS\System32\sulvmnlv.dll deleted successfully.


Could not open file C:\WINDOWS\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe for deletion
Deletion of file C:\WINDOWS\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe failed!

Could not process line:
C:\WINDOWS\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.


####################################

WinPFind35 logfile created on: 2/15/2008 4:30:50 PM
WinPFind35U Version Beta51	 Folder = C:\HJT\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.07 Mb Total Physical Memory | 485.88 Mb Available Physical Memory | 47.54% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 60.85 Gb Free Space | 42.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LETYBO
Current User Name: Boris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 9:56:14 PM | Attr =	]
wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> Linksys [Ver = 1.0.1.8 | Size = 5238272 bytes | Modified Date = 11/16/2005 4:49:44 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr =	]
tscfplatformcomsvr.exe -> %ProgramFiles%\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe -> Trend Micro Inc. [Ver = 1.0.0.1205 | Size = 152912 bytes | Modified Date = 9/11/2007 11:55:03 AM | Attr =	]
hschkproxyexe.exe -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\dependent\HSChkProxyExe.exe -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 144720 bytes | Modified Date = 9/16/2007 8:21:22 AM | Attr =	]
winpfind35u.exe -> %SystemDrive%\HJT\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL ACS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1		 | Size = 1135728 bytes | Modified Date = 4/7/2004 10:07:32 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 2:02:58 AM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(ehRecvr) Media Center Receiver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\eHome\ehRecvr.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 12/22/2007 8:50:49 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr =	]
(MDM) Machine Debug Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> File not found
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
(RoxLiveShare9) RoxLiveShare9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found
(SCardSvr) SCardSvr [Win32_Own | Disabled | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> File not found
(SfCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 693512 bytes | Modified Date = 1/21/2008 12:16:34 PM | Attr =	]
(TMBMServer) Trend Micro Unauthorized Change Prevention Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr =	]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.1.0.1004 | Size = 480520 bytes | Modified Date = 12/16/2007 7:47:28 PM | Attr =	]
(tmproxy) Trend Micro Proxy Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.0.0.1138 | Size = 648456 bytes | Modified Date = 9/18/2007 2:31:24 AM | Attr =	]
(WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 9:56:14 PM | Attr =	]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 3:07:38 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 7/13/2007 11:25:35 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 8/4/2005 2:10:18 AM | Attr =	]
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 4/7/2005 4:18:34 PM | Attr =	]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 5:18:38 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr =	]
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 502272 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 439680 bytes | Modified Date = 11/8/2005 8:15:00 PM | Attr =	]
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0463-1.56.0930 | Size = 340704 bytes | Modified Date = 7/13/2005 5:18:00 PM | Attr =	]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 7168 bytes | Modified Date = 11/8/2005 8:15:00 PM | Attr =	]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 143360 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 10:16:52 AM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 10:16:16 AM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 1:30:00 AM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 3:20:00 AM | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr =   S]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 6/13/2005 12:58:04 PM | Attr =	]
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 77824 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(ha20x2k) Creative 20X HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha20x2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1145-2.07.0630 | Size = 1096704 bytes | Modified Date = 4/24/2006 1:12:52 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 10/21/2005 6:58:52 PM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 10/21/2005 6:58:58 PM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 10/21/2005 6:52:48 PM | Attr =	]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 7:59:20 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 7:56:26 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 6:20:08 PM | Attr = R  ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 4:48:08 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 11/22/2004 5:36:34 PM | Attr =	]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/2004 5:36:39 PM | Attr =	]
(neokdss) neokdss [Kernel | On_Demand | Running] -> system32\Drivers\neokdss.sys -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 8:29:56 PM | Attr =	]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1144-2.07.0400 | Size = 114688 bytes | Modified Date = 11/8/2005 8:14:00 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.67a | Size = 43872 bytes | Modified Date = 7/26/2007 3:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr =	]
(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> System32\Drivers\RimUsb.sys -> File not found
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Modified Date = 1/18/2007 10:24:58 AM | Attr = R  ]
(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 10/27/2005 2:06:30 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr =	]
(tmactmon) tmactmon [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 5.0.0.1131 | Size = 333328 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
(tmevtmgr) tmevtmgr [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 36112 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> trend_company_name [Ver = trend_file_version built by: WinDDK | Size = 65936 bytes | Modified Date = 9/18/2007 2:31:16 AM | Attr =	]
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 203024 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr =	]
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 9/18/2007 2:31:14 AM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 2:13:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 7:58:02 PM | Attr =	]
(Xen_Pci) Xen_Pci [Kernel | Auto | Stopped] ->  -> File not found
(zntport) NTPort Library Driver For Xenetech PCI Board [Kernel | Auto | Stopped] -> %SystemRoot%\System32\drivers\zntport.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 9:15:32 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr =	]
KernelFaultCheck ->  -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 1393928 bytes | Modified Date = 1/21/2008 12:16:36 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Boris.LETYBO Startup Folder > -> C:\Documents and Settings\Boris.LETYBO\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ->  [Ver =  | Size = 111616 bytes | Modified Date = 6/20/2006 1:56:06 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> (binary data) -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 10174 domain(s) found. -> 
24 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 1:03:00 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 2:33:54 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/8/2008 11:37:36 AM | Attr =	]
{C1656CCA-D2EA-4A32-94AE-AE0B180E6449} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [TSToolbarBHO] -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 103760 bytes | Modified Date = 9/16/2007 8:21:15 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 5:00:30 PM | Attr =	]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 4:07:08 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [Transaction Protector] -> Trend Micro Inc. [Ver = 1.0.0.1231 | Size = 103760 bytes | Modified Date = 9/16/2007 8:21:15 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/22/2007 8:50:48 AM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 1:51:20 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}:Exec -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> Travelaxe, Inc. [Ver = 2, 0, 71, 0 | Size = 1712128 bytes | Modified Date = 4/30/2007 9:17:36 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [AT&T Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 2:33:54 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2418908B-D5F8-42C0-A24D-69A05EB31537} ->	(Linksys Wireless-G PCI Adapter) -> 
{9ECBFC4F-A7CF-4929-9DCA-E10E825AA413} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2a | Size = 33280 bytes | Modified Date = 8/25/2006 10:31:04 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}[HKEY_LOCAL_MACHINE] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab[Reg Error: Key does not exist or could not be opened.] -> 
{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://www.trueswitch.com/sbc/TrueInstallSBC.exe[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/15/2008 2:41:26 PM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Created Date = 2/7/2008 5:47:52 PM | Attr =	]
Inetpub -> %SystemDrive%\Inetpub ->  [Folder | Created Date = 2/3/2008 9:45:42 AM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/4/2008 9:41:04 PM | Attr =	]
tmactmon.sys -> %SystemRoot%\System32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
tmevtmgr.sys -> %SystemRoot%\System32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
axctrnm.h -> %SystemRoot%\System32\axctrnm.h ->  [Ver =  | Size = 2024 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
infoctrs.h -> %SystemRoot%\System32\infoctrs.h ->  [Ver =  | Size = 3276 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]
kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll -> Kings Information & Network [Ver = 1, 1, 6, 5 | Size = 77824 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll -> Kings Information & Network [Ver = 4, 0, 0, 5 | Size = 53248 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll -> Bluegem Security [Ver = 5, 1, 3, 8 | Size = 849920 bytes | Modified Date = 2/14/2008 6:40:07 PM | Attr =	]
kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe -> Bluegem Security [Ver = 5, 1, 8, 7 | Size = 726568 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe -> 킹스정보통신 [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
smtpctrs.h -> %SystemRoot%\System32\smtpctrs.h ->  [Ver =  | Size = 8002 bytes | Modified Date = 7/21/2001 2:23:04 PM | Attr =	]
w3ctrs.h -> %SystemRoot%\System32\w3ctrs.h ->  [Ver =  | Size = 5379 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/12/2008 7:27:40 AM | Attr =  HS]
kdefense -> %SystemRoot%\kdefense ->  [Folder | Created Date = 2/14/2008 6:40:07 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2/15/2008 2:55:02 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/15/2008 2:48:32 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/4/2008 7:07:42 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/15/2008 2:49:21 PM | Attr =  H ]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2/3/2008 9:39:10 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:35:57 PM | Attr =	]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Created Date = 1/23/2008 6:48:55 PM | Attr =	]
Trend Micro -> %UserProfile%\Local Settings\Application Data\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:41:40 PM | Attr =	]
Trend Micro -> %AllUsersProfile%\Documents\Trend Micro ->  [Folder | Created Date = 2/12/2008 9:36:58 PM | Attr =	]
{499663EE-202C-4468-874C-198A9E0BC058} -> %AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058} ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2008 2:51:24 PM | Attr =	]
Corel User Files -> %UserProfile%\My Documents\Corel User Files ->  [Folder | Created Date = 2/5/2008 9:00:52 PM | Attr =	]
OldTimersLog Feb 15th -> %UserProfile%\My Documents\OldTimersLog Feb 15th ->  [Folder | Created Date = 2/15/2008 10:16:56 AM | Attr =	]
Setup -> %UserProfile%\My Documents\Setup ->  [Folder | Created Date = 2/12/2008 9:14:57 PM | Attr =	]
Tools -> %UserProfile%\My Documents\Tools ->  [Folder | Created Date = 2/12/2008 9:15:09 PM | Attr =	]
Trend Micro Internet Security Pro.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security Pro.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/12/2008 9:36:16 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 2/14/2008 6:33:08 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/15/2008 2:32:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
RUNME.bat -> %UserProfile%\Desktop\RUNME.bat ->  [Ver =  | Size = 31 bytes | Modified Date = 11/18/2007 12:17:11 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/15/2008 2:41:26 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/12/2008 9:35:59 PM | Attr =  H ]
HJT -> %SystemDrive%\HJT ->  [Folder | Modified Date = 2/14/2008 6:11:43 AM | Attr =	]
Inetpub -> %SystemDrive%\Inetpub ->  [Folder | Modified Date = 2/4/2008 8:31:28 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/14/2008 6:36:18 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/9/2008 5:13:03 PM | Attr =  HS]
UNDEFINED -> %SystemDrive%\UNDEFINED ->  [Folder | Modified Date = 1/23/2008 8:05:01 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/11/2008 6:49:46 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 2:55:02 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/14/2008 7:00:17 AM | Attr =	]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 2/4/2008 8:31:14 PM | Attr =	]
BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 55172 bytes | Modified Date = 2/15/2008 2:39:40 PM | Attr =	]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 55172 bytes | Modified Date = 2/15/2008 2:39:40 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/4/2008 8:38:57 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/15/2008 2:49:54 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/9/2008 4:59:10 PM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 1/30/2008 8:47:39 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 6:17:17 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx ->  [Ver =  | Size = 64980 bytes | Modified Date = 2/15/2008 2:39:41 PM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 2/4/2008 8:30:10 PM | Attr =	]
kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll -> Kings Information & Network [Ver = 1, 1, 6, 5 | Size = 77824 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
Kdfhok.dll -> %SystemRoot%\System32\Kdfhok.dll -> Kings Information & Network [Ver = 4, 0, 0, 5 | Size = 53248 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
kdfinj.dll -> %SystemRoot%\System32\kdfinj.dll -> Bluegem Security [Ver = 5, 1, 3, 8 | Size = 849920 bytes | Modified Date = 2/14/2008 6:40:07 PM | Attr =	]
kdfmgr.exe -> %SystemRoot%\System32\kdfmgr.exe -> Bluegem Security [Ver = 5, 1, 8, 7 | Size = 726568 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
kdfvmgr.exe -> %SystemRoot%\System32\kdfvmgr.exe -> 킹스정보통신 [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf ->  [Ver =  | Size = 945 bytes | Modified Date = 2/12/2008 6:00:14 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 107292 bytes | Modified Date = 2/3/2008 9:51:00 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 528436 bytes | Modified Date = 2/3/2008 9:51:00 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/9/2008 5:13:03 PM | Attr =	]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/15/2008 2:39:41 PM | Attr =	]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/15/2008 2:39:41 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/4/2008 8:32:52 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/15/2008 2:49:54 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/12/2008 5:33:28 PM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/12/2008 9:18:44 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/15/2008 2:48:31 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/12/2008 7:27:40 AM | Attr =  HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/15/2008 2:59:47 PM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/3/2008 9:46:11 AM | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/12/2008 5:58:18 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/12/2008 5:59:55 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 6:17:23 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/12/2008 9:35:59 PM | Attr =  HS]
kdefense -> %SystemRoot%\kdefense ->  [Folder | Modified Date = 2/14/2008 6:40:10 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2/15/2008 2:55:02 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2/12/2008 6:00:45 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/15/2008 2:48:32 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/8/2008 6:34:34 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/15/2008 2:48:41 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/4/2008 7:07:42 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/15/2008 2:49:21 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/15/2008 2:50:09 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/4/2008 8:16:52 PM | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2/4/2008 8:31:29 PM | Attr =	]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 275 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/15/2008 2:51:26 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/12/2008 9:17:06 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/15/2008 2:55:03 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 637 bytes | Modified Date = 2/12/2008 5:20:27 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1947 bytes | Modified Date = 2/12/2008 5:17:18 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/6/2008 12:56:00 PM | Attr =	]
McAfee.com Scan for Viruses - My Computer (LETYBO-Lety).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (LETYBO-Lety).job ->  [Ver =  | Size = 348 bytes | Modified Date = 2/1/2008 6:30:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/15/2008 2:48:40 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/14/2008 7:37:47 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/14/2008 7:37:47 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11114 bytes | Modified Date = 6/24/2006 2:13:01 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8422 bytes | Modified Date = 3/30/2007 6:54:42 PM | Attr =	]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\GridLayout.dat ->  [Ver =  | Size = 396332 bytes | Modified Date = 9/28/2006 8:15:06 PM | Attr =	]
pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\pa.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 9/5/2006 2:10:44 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/6/2007 9:59:01 PM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 191031 bytes | Modified Date = 12/22/2007 7:43:09 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 368640 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 446464 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
lsse.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Spyware\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.12471 | Size = 500120 bytes | Modified Date = 5/7/2007 4:38:46 PM | Attr =	]
DFFPI.DLL -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL -> F-Secure Corporation [Ver = 1.02.37 | Size = 151552 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 486912 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13100 | Size = 113664 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2/15/2008 2:59:47 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.50.13330.18100 | Size = 68096 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
FSHKE.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FSHKE.dll -> F-Secure Corporation [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
FSLFPI.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll -> F-Secure Corporation [Ver = 2.04.02 | Size = 237664 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
lsse.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 2/15/2008 2:59:19 PM | Attr =	]
segrules.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\segrules.dat ->  [Ver =  | Size = 707 bytes | Modified Date = 2/15/2008 2:55:23 PM | Attr =	]
ext.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
fshke.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\fshke.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
orion.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orion.dat ->  [Ver =  | Size = 741165 bytes | Modified Date = 2/15/2008 2:57:28 PM | Attr =	]
orioneng.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orioneng.dat ->  [Ver =  | Size = 1325 bytes | Modified Date = 2/15/2008 2:57:28 PM | Attr =	]
orionfin.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\orionfin.dat ->  [Ver =  | Size = 1599 bytes | Modified Date = 2/15/2008 2:57:28 PM | Attr =	]
perf.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 2/15/2008 4:28:44 PM | Attr =	]
sae.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
sai.dat -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
FS@swdb.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Spyware\FS@swdb.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/15/2008 2:57:46 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/15/2008 2:57:23 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 2/15/2008 2:59:47 PM | Attr =	]
FS@hkeng.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hkeng.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 2:59:44 PM | Attr =	]
FS@libra.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@libra.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 2:59:32 PM | Attr =	]
FS@ols3bin.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols3bin.ini ->  [Ver =  | Size = 175 bytes | Modified Date = 2/15/2008 2:59:43 PM | Attr =	]
FS@orion.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@orion.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/15/2008 2:57:28 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 2/15/2008 2:59:19 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Boris.LETYBO\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 2/15/2008 2:57:23 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink ->  [Folder | Modified Date = 1/23/2008 5:51:05 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 1/28/2008 9:09:09 PM | Attr =	]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 2/12/2008 5:59:46 PM | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2/12/2008 9:23:01 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/12/2008 5:07:42 PM | Attr =	]
@Alternate Data Stream - 177 bytes -> %AllUsersProfile%\Application Data\TEMP:D2F2F703
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:36:05 PM | Attr =	]
Roxio -> %AppData%\Roxio ->  [Folder | Modified Date = 2/2/2008 9:23:36 PM | Attr =	]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Modified Date = 1/23/2008 6:48:55 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 29184 bytes | Modified Date = 1/27/2008 9:54:11 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2696282 bytes | Modified Date = 2/9/2008 5:17:49 PM | Attr =  H ]
Trend Micro -> %UserProfile%\Local Settings\Application Data\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:41:40 PM | Attr =	]
Trend Micro -> %AllUsersProfile%\Documents\Trend Micro ->  [Folder | Modified Date = 2/12/2008 9:36:58 PM | Attr =	]
{499663EE-202C-4468-874C-198A9E0BC058} -> %AllUsersProfile%\Documents\{499663EE-202C-4468-874C-198A9E0BC058} ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2008 2:51:24 PM | Attr =	]
Corel User Files -> %UserProfile%\My Documents\Corel User Files ->  [Folder | Modified Date = 2/5/2008 9:24:28 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 1/17/2008 8:03:19 PM | Attr = R  ]
My PSP Files -> %UserProfile%\My Documents\My PSP Files ->  [Folder | Modified Date = 2/5/2008 7:04:15 PM | Attr =	]
OldTimersLog Feb 15th -> %UserProfile%\My Documents\OldTimersLog Feb 15th ->  [Folder | Modified Date = 2/15/2008 4:27:25 PM | Attr =	]
Setup -> %UserProfile%\My Documents\Setup ->  [Folder | Modified Date = 2/12/2008 9:15:09 PM | Attr =	]
Tools -> %UserProfile%\My Documents\Tools ->  [Folder | Modified Date = 2/12/2008 9:15:09 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 1/21/2008 5:59:19 PM | Attr =	]
Trend Micro Internet Security Pro.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security Pro.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/12/2008 9:36:16 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 2/15/2008 2:29:48 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/15/2008 2:32:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Modified Date = 2/3/2008 10:08:35 AM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2/12/2008 9:23:01 PM | Attr =	]

< End of report >

#################################

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Unable to stop service wscsvc .
Unable to delete service wscsvc .
File C:\WINDOWS\SystemRoot\SystemRoot\C:\WINDOWS\System32\svchost.exe not found.
[Driver Services - Non-Microsoft Only]
Service neokdss stopped successfully.
Service neokdss deleted successfully.
File system32\Drivers\neokdss.sys not found.
Unable to stop service retx2 .
Unable to delete service retx2 .
File C:\WINDOWS\system32\drivers\retx2.sys not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E89EAE3F-422C-4286-AFB0-B3DFD3DF0144}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E89EAE3F-422C-4286-AFB0-B3DFD3DF0144}\ deleted successfully.
File C:\WINDOWS\system32\jkhhi.dll not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\dvjxdutb.dll not found!
File C:\WINDOWS\System32\qcrcpcdc.dll not found!
File C:\WINDOWS\System32\sulvmnlv.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\dvjxdutb.dll not found!
File C:\WINDOWS\System32\qcrcpcdc.dll not found!
File C:\WINDOWS\System32\sulvmnlv.dll not found!
[Empty Temp Folders]
ASCII a stupid question get a stupid ANSI
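As an added example (not part of this thread, and not code from WinPFind35 or OTScanIt), here is a small Python triage script for the report format bojigga posted above. It parses the `name -> path -> company [fields]` entries and the `@Alternate Data Stream` lines, then flags the two things this Vundo/Virtumonde cleanup turned up in the report: an alternate data stream that is not the Zone.Identifier mark-of-the-web (the `TEMP:D2F2F703` stream on the Application Data\TEMP folder), and unversioned DLLs with short random-looking lowercase names in System32 (the `jkhhi.dll`, `dvjxdutb.dll`, `qcrcpcdc.dll`, `sulvmnlv.dll` pattern in the fix log). The sample lines are copied from the report above except the `jkhhi.dll` entry, whose size and date are constructed because the fix log only records that file as already gone; the regexes, the 5-8 letter name threshold and the scan time are assumptions.

```python
"""Triage a WinPFind35-style file report (added example, not part of the
thread or of the WinPFind35 tool).  The line formats are inferred from the
report posted above; the regexes, thresholds and scan time are assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample input.  All lines except jkhhi.dll are copied from the
# report above; jkhhi.dll's size and date are made up (the fix log only
# records that file as already gone) to stand in for a Vundo dropper DLL.
SAMPLE_REPORT = r"""
[Files/Folders - Modified Within 30 days]
kdfapi.dll -> %SystemRoot%\System32\kdfapi.dll -> Kings Information & Network [Ver = 1, 1, 6, 5 | Size = 77824 bytes | Modified Date = 2/15/2008 2:51:26 PM | Attr =  ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 1/30/2008 8:47:39 PM | Attr =  ]
jkhhi.dll -> %SystemRoot%\System32\jkhhi.dll ->  [Ver =  | Size = 311296 bytes | Modified Date = 2/14/2008 6:20:01 PM | Attr =  ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/12/2008 5:07:42 PM | Attr =  H ]
@Alternate Data Stream - 177 bytes -> %AllUsersProfile%\Application Data\TEMP:D2F2F703
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/15/2008 2:32:50 PM | Attr =  ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
"""
# Assumed scan time (the report's newest timestamps are the afternoon of 2/15/2008).
SCAN_TIME = datetime(2008, 2, 15, 16, 30)

# name -> path -> company [field | field | ...]   (company may be empty)
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*)\[(?P<fields>[^\]]*)\]\s*$")
# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"
# Vundo droppers in this thread used short random lowercase names (assumed 5-8 letters).
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,8}\.dll$")


@dataclass
class Entry:
    name: str
    path: str
    company: str
    is_folder: bool
    version: str
    modified: Optional[datetime]


def parse_fields(raw: str) -> Dict[str, str]:
    """Turn 'Ver = 1, 1 | Size = 5 bytes | Folder' into a dict (Folder -> '')."""
    fields: Dict[str, str] = {}
    for part in raw.split("|"):
        key, sep, value = part.partition("=")
        if key.strip():
            fields[key.strip()] = value.strip() if sep else ""
    return fields


def parse_report(text: str) -> Tuple[List[Entry], List[Tuple[str, str, int]]]:
    """Return (file/folder entries, (host_path, stream, size) ADS records)."""
    entries: List[Entry] = []
    streams: List[Tuple[str, str, int]] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("["):      # blank line or section header
            continue
        ads = ADS_RE.match(line)
        if ads:
            streams.append((ads["path"], ads["stream"], int(ads["size"])))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        f = parse_fields(m["fields"])
        mod = f.get("Modified Date")
        entries.append(Entry(
            name=m["name"].strip(), path=m["path"].strip(),
            company=m["company"].strip(), is_folder="Folder" in f,
            version=f.get("Ver", ""),
            modified=datetime.strptime(mod, DATE_FMT) if mod else None))
    return entries, streams


def triage(text: str, scan_time: datetime, recent_days: int = 30) -> List[Tuple[str, str, str]]:
    """Return (severity, path, reason) findings worth a second look."""
    entries, streams = parse_report(text)
    findings: List[Tuple[str, str, str]] = []
    for host, stream, size in streams:
        # Zone.Identifier is the mark-of-the-web IE puts on downloads; any
        # other stream, especially on a system folder, is unexplained data.
        if stream != "Zone.Identifier":
            findings.append(("high", f"{host}:{stream}",
                             f"non-standard alternate data stream, {size} bytes"))
    for e in entries:
        if e.is_folder or not e.name.lower().endswith(".dll"):
            continue
        in_system32 = "\\system32\\" in e.path.lower()
        no_metadata = not e.company and not e.version
        recent = e.modified is not None and (scan_time - e.modified).days <= recent_days
        if in_system32 and no_metadata and RANDOM_DLL_RE.match(e.name.lower()):
            findings.append(("high", e.path, "random-looking DLL in System32 with no version info"))
        elif in_system32 and no_metadata and recent:
            findings.append(("medium", e.path, "recently modified DLL in System32 with no version info"))
    return findings


if __name__ == "__main__":
    for severity, path, reason in triage(SAMPLE_REPORT, SCAN_TIME):
        print(f"[{severity}] {path}: {reason}")
```

Run it against a saved report and it prints two findings for the sample: the 177-byte stream on the TEMP folder and the unversioned `jkhhi.dll`. The `kdfapi.dll` line is not flagged because it carries a company name and version; the `avenger.zip:Zone.Identifier` stream is skipped because that is the normal mark a downloaded file carries. The "no version info" heuristic is a triage aid, not proof: many legitimate data files also lack version resources, which is why it is limited to DLLs under System32.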

#10 OldTimer (Malware Expert; Members, 11,092 posts; Male; North Carolina)

Posted 15 February 2008 - 07:32 PM

Hi bojigga. That all looks good! How are things running? Any more issues? If not, then run the system for a couple of days and get back to me so we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 bojigga (Topic Starter; Members, 10 posts; Male; Chicago)

Posted 15 February 2008 - 08:06 PM

Hello Old Timer,

Wow, everything runs great! The assistance and patience along with the timely response have left me very impressed and forever in your debt. OldTimer, you are the greatest! I thank you and all who assist on BC. Everyone here has been courteous, polite, and very professional. I look forward to working with you, OldTimer, as well as your fine brethren in the future.

Thank you,
Bojigga

#12 OldTimer (Malware Expert; Members, 11,092 posts; Male; North Carolina)

Posted 16 February 2008 - 10:06 AM

Hi bojigga. Glad to hear things are running well. Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix.

Step #1

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
   • On the Desktop, right-click My Computer.
   • Click Properties.
   • Click the System Restore tab.
   • Check Turn off System Restore.
   • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   • On the Desktop, right-click My Computer.
   • Click Properties.
   • Click the System Restore tab.
   • UN-check Turn off System Restore.
   • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35 and click the CleanUp button.
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT

#13 bojigga (Topic Starter; Members, 10 posts; Male; Chicago)

Posted 16 February 2008 - 06:28 PM

OT,

Once again thanx for all of your help. Everything seems to be working fine. I have a few questions regarding System Restore, but I will post them in the appropriate forums so that others may benefit.

OT, I look forward to working with you again, but until then take care.

bojigga

#14 OldTimer (Malware Expert; Members, 11,092 posts; Male; North Carolina)

Posted 17 February 2008 - 09:19 AM

You are very welcome bojigga, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT :thumbsup: