Controller And Services App Has Encountered An Error...



#1 wyrdmage


  • Members
  • 13 posts
  • Gender:Male
  • Location:Brightwood, OR

Posted 26 May 2007 - 08:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:53:29 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Alwil Software\Avast4\aswUpdSv.exe
D:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Magickey\MagicKey.exe
C:\Program Files\Magickey\OSD.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Versato] C:\Program Files\Magickey\MagicKey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169422414015
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by144fd.bay144.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 OldTimer


    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 27 May 2007 - 09:47 AM

Hello wyrdmage and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

Let's try a different scanner and see what it shows us. Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Driver Services group select Non-Microsoft.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 wyrdmage

  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Location:Brightwood, OR

Posted 27 May 2007 - 06:50 PM

WinPFind3 logfile created on: 5/27/2007 4:40:43 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Dad\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

511.01 Mb Total Physical Memory | 282.26 Mb Available Physical Memory | 55.24% Memory free
1.22 Gb Paging File | 1.03 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 6.08 Gb Free Space | 32.62% Space Free
Drive D: | 37.24 Gb Total Space | 28.68 Gb Free Space | 77.01% Space Free
Drive E: | 262.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: DELL_PC
Current User Name: Dad
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %UserDocuments%Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
ashserv.exe -> %UserDocuments%Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
aswupdsv.exe -> %UserDocuments%Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
devldr32.exe -> %System32%\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/17/2001 11:36:42 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %UserDocuments%Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 4/30/2007 8:29:56 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %UserDocuments%Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 4/30/2007 8:42:40 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %UserDocuments%Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 4/30/2007 8:41:28 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:56:50 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 8:18:02 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 10:31:02 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 1:01:58 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(3dfxvb) 3dfxvb [Kernel | On_Demand | Stopped] -> %System32%\drivers\3dfxvbm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2195.2b | Size = 42672 bytes | Modified Date = 5/17/2000 6:12:00 PM | Attr = ]
(3dfxvs) 3dfxvs [Kernel | On_Demand | Running] -> %System32%\drivers\3dfxvsm.sys -> 3dfx[Zone] www.3dfxzone.it. [Ver = 5.00.2195.0242 | Size = 174720 bytes | Modified Date = 6/1/2005 8:34:44 PM | Attr = ]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Modified Date = 4/30/2007 8:37:24 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 1:20:04 PM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Modified Date = 4/30/2007 8:41:42 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Modified Date = 4/30/2007 8:39:42 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Modified Date = 4/30/2007 8:38:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/28/2006 7:13:34 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 9:03:16 AM | Attr = ]
(BootScreen) BootScreen [Kernel | Boot | Running] -> %System32%\drivers\vidstub.sys -> [Ver = | Size = 163712 bytes | Modified Date = 5/17/2007 8:19:32 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %System32%\drivers\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 1:19:20 PM | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DC21x4) DC21x4 Based Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\dc21x4.sys -> Intel Corporation. [Ver = 5.05.04 | Size = 63208 bytes | Modified Date = 8/17/2001 1:12:02 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 4:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 4:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/22/2001 10:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\el90xbc5.sys -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 5:11:06 AM | Attr = ]
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Modified Date = 8/17/2001 1:19:26 PM | Attr = ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Modified Date = 8/17/2001 1:19:28 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 10/21/2005 7:58:52 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 10/21/2005 7:58:58 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 10:31:02 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(kxwdmdrv) kX WDM Driver Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\kx.sys -> Eugene Gavrilov [Ver = 5.10.00.3537 - debug | Size = 571776 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> %System32%\drivers\mcdbus.sys -> MagicISO, Inc. [Ver = 1.0.0.32 | Size = 92160 bytes | Modified Date = 9/22/2006 3:06:10 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/22/2001 10:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.42a | Size = 36592 bytes | Modified Date = 8/16/2006 4:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RDID1030) BOSS GS-10 [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdwm1030.sys -> Roland Corporation [Ver = 5, 0, 3, 0 | Size = 162590 bytes | Modified Date = 3/2/2004 1:00:00 AM | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 0, 0, 0 | Size = 26844 bytes | Modified Date = 3/17/2006 7:25:00 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 3.19.000 | Size = 12528 bytes | Modified Date = 2/9/2007 12:19:26 PM | Attr = ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.27 | Size = 47616 bytes | Modified Date = 1/14/2005 9:14:08 AM | Attr = ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.1 | Size = 6656 bytes | Modified Date = 10/28/2004 3:48:00 AM | Attr = ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Modified Date = 8/17/2001 1:19:34 PM | Attr = ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 12/3/2004 3:20:42 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 162, 0 | Size = 50416 bytes | Modified Date = 1/18/2007 6:39:20 AM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(UsbFltr) WayTech Filter Driver [Kernel | Auto | Running] -> %System32%\drivers\UsbFltr.sys -> Waytech Development, Inc. [Ver = 1.2.0.0 | Size = 18220 bytes | Modified Date = 6/7/2004 3:09:16 PM | Attr = ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Modified Date = 3/9/2007 1:02:10 AM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3dfx Tools -> %System32%\3dfxCmn.dll [rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot] -> 3dfx Interactive, Inc. [Ver = 2.1.10.138 | Size = 118784 bytes | Modified Date = 10/19/2000 4:44:50 PM | Attr = ]
avast! -> %UserDocuments%Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 8:42:48 AM | Attr = ]
Versato -> %ProgramFiles%\Magickey\MagicKey.exe -> [Ver = | Size = 159744 bytes | Modified Date = 4/12/2004 12:27:08 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 1:02:00 AM | Attr = ]
< Common Startup > -> C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup
%AllUsersStartup%\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 147456 bytes | Modified Date = 4/9/2003 6:21:38 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} [HKLM] -> Reg Data - Key not found [Groove GFS Stub Execution Hook] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NavLogon -> Reg Data - Value does not exist -> File not found
WB -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\fastload.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
turbotax.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0\bin\NPJPI150.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 1.5.0.0 | Size = 69740 bytes | Modified Date = 4/18/2007 12:38:36 AM | Attr = ]
{36ECAF82-3300-8F84-092E-AFF36D6C7040} -> Reg Data - Value does not exist [ButtonText: Run WinHTTrack] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{19330F65-2D83-414D-A17F-443ADC5E7501} -> (3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) ->
{896B743E-4A71-479A-991C-F4B37A1349D5} -> (Intel 21041-Based PCI Ethernet Adapter (Generic)) ->
{A7D6DDAC-0A3E-4A0E-B298-7CB3E2B1ADF6} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1169422414015 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0 - CodeBase = http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by144fd.bay144.hotmail.msn.com/activex/HMAtchmt.ocx ->


[Files/Folders - Created Within 30 days]
Application Data -> %SystemDrive%\Application Data -> [Folder | Created Date = 5/2/2007 7:15:00 PM | Attr = H ]
boot.ini.comodofirewall -> %SystemDrive%\boot.ini.comodofirewall -> [Ver = | Size = 211 bytes | Created Date = 5/16/2007 9:51:57 PM | Attr = ]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 519 bytes | Created Date = 5/23/2007 10:05:44 AM | Attr = ]
SIERRA -> %SystemDrive%\SIERRA -> [Folder | Created Date = 5/27/2007 3:20:57 PM | Attr = ]
$NtUninstallKB909394$ -> %SystemRoot%\$NtUninstallKB909394$ -> [Folder | Created Date = 5/7/2007 5:23:05 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 1:05:30 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/10/2007 2:10:27 AM | Attr = H ]
7THLEVEL.INI -> %SystemRoot%\7THLEVEL.INI -> [Ver = | Size = 65 bytes | Created Date = 5/27/2007 3:11:20 PM | Attr = ]
darkportal-1024x.jpg -> %SystemRoot%\darkportal-1024x.jpg -> [Ver = | Size = 235830 bytes | Created Date = 5/16/2007 11:00:39 PM | Attr = ]
Darkstar.bmp -> %SystemRoot%\Darkstar.bmp -> [Ver = | Size = 5760056 bytes | Created Date = 5/16/2007 11:12:37 PM | Attr = ]
ePrompter.ini -> %SystemRoot%\ePrompter.ini -> [Ver = | Size = 8629 bytes | Created Date = 5/25/2007 6:14:35 PM | Attr = ]
eReg.dat -> %SystemRoot%\eReg.dat -> [Ver = | Size = 636 bytes | Created Date = 5/7/2007 10:10:24 PM | Attr = ]
hpoins01.dat -> %SystemRoot%\hpoins01.dat -> [Ver = | Size = 19558 bytes | Created Date = 5/7/2007 5:56:22 PM | Attr = ]
hpomdl01.dat -> %SystemRoot%\hpomdl01.dat -> [Ver = | Size = 16606 bytes | Created Date = 5/7/2007 5:56:22 PM | Attr = ]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 5/25/2007 1:50:45 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 5/16/2007 1:17:34 PM | Attr = ]
SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [Ver = | Size = 883 bytes | Created Date = 5/27/2007 3:20:38 PM | Attr = ]
solcache -> %SystemRoot%\solcache -> [Folder | Created Date = 5/27/2007 3:23:27 PM | Attr = ]
uninst.exe -> %SystemRoot%\uninst.exe -> Stirling Technologies, Inc. [Ver = 2.20.911.0 | Size = 283648 bytes | Created Date = 5/27/2007 3:02:20 PM | Attr = ]
wb.ini -> %SystemRoot%\wb.ini -> [Ver = | Size = 82 bytes | Created Date = 5/16/2007 11:00:02 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 5/25/2007 1:52:22 PM | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1178589906.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1178589906.job -> [Ver = | Size = 386 bytes | Created Date = 5/7/2007 6:06:01 PM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 5/6/2007 1:01:01 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 5/25/2007 9:14:48 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 5/6/2007 1:01:01 AM | Attr = ]
AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 5/6/2007 1:01:01 AM | Attr = ]
ijkmp.bak1 -> %System32%\ijkmp.bak1 -> [Ver = | Size = 1466609 bytes | Created Date = 5/12/2007 5:02:39 PM | Attr = HS]
ijkmp.ini2 -> %System32%\ijkmp.ini2 -> [Ver = | Size = 1467667 bytes | Created Date = 5/12/2007 5:52:21 PM | Attr = HS]
ijkmp.tmp -> %System32%\ijkmp.tmp -> [Ver = | Size = 1467117 bytes | Created Date = 5/12/2007 5:51:58 PM | Attr = HS]
libeay32.dll -> %System32%\libeay32.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8e | Size = 1040384 bytes | Created Date = 5/15/2007 6:10:13 AM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 5/25/2007 1:51:55 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 5/25/2007 9:14:39 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 5/7/2007 5:09:35 PM | Attr = ]
pmkji.dll -> %System32%\pmkji.dll -> [Ver = | Size = 285268 bytes | Created Date = 5/12/2007 4:00:41 PM | Attr = HS]
SierraNW.dll -> %System32%\SierraNW.dll -> Cendant Software [Ver = 4, 0, 2, 4 | Size = 1022976 bytes | Created Date = 5/27/2007 3:21:00 PM | Attr = ]
SNWValid.dll -> %System32%\SNWValid.dll -> Cendant Software [Ver = 4, 0, 2, 4 | Size = 231936 bytes | Created Date = 5/27/2007 3:21:00 PM | Attr = ]
ssleay32.dll -> %System32%\ssleay32.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8e | Size = 196608 bytes | Created Date = 5/15/2007 6:10:02 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 5120 bytes | Created Date = 5/10/2007 6:54:25 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 900 bytes | Created Date = 5/8/2007 9:41:26 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Created Date = 5/25/2007 1:51:34 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 5/25/2007 1:50:45 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 5/25/2007 1:51:34 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 5/25/2007 1:50:44 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 5/25/2007 1:51:36 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 5/25/2007 1:51:36 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 5/25/2007 1:51:54 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 5/25/2007 1:50:44 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 5/25/2007 1:51:41 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 5/25/2007 1:51:38 PM | Attr = ]
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Created Date = 5/16/2007 11:00:01 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 5/25/2007 1:51:49 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 5/25/2007 1:51:49 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 5/25/2007 1:52:37 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 5/25/2007 1:51:36 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 5/25/2007 1:51:39 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 5/6/2007 1:01:13 AM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 5/6/2007 1:01:08 AM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 5/6/2007 1:01:08 AM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 5/6/2007 1:01:14 AM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 5/6/2007 1:01:13 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/25/2007 5:49:54 PM | Attr = ]
KProcWatch.sys -> %System32%\drivers\KProcWatch.sys -> [Ver = | Size = 8576 bytes | Created Date = 5/16/2007 9:58:19 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Application Data -> %SystemDrive%\Application Data -> [Folder | Modified Date = 5/2/2007 8:15:02 PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 5/16/2007 10:51:58 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/25/2007 9:55:30 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 5/2/2007 8:15:00 PM | Attr = ]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 519 bytes | Modified Date = 5/23/2007 11:06:54 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/27/2007 4:20:58 PM | Attr = R ]
SIERRA -> %SystemDrive%\SIERRA -> [Folder | Modified Date = 5/27/2007 4:23:04 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 5/11/2007 4:28:14 PM | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 5/10/2007 9:38:58 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/27/2007 4:27:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/22/2007 2:05:06 PM | Attr = H ]
$NtUninstallKB909394$ -> %SystemRoot%\$NtUninstallKB909394$ -> [Folder | Modified Date = 5/7/2007 6:23:08 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 2:05:32 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/10/2007 3:10:30 AM | Attr = H ]
7THLEVEL.INI -> %SystemRoot%\7THLEVEL.INI -> [Ver = | Size = 65 bytes | Modified Date = 5/27/2007 4:17:40 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/26/2007 10:28:52 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/25/2007 8:52:24 AM | Attr = HS]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 5/25/2007 10:21:12 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/10/2007 3:05:52 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/8/2007 11:21:38 PM | Attr = S]
ePrompter.ini -> %SystemRoot%\ePrompter.ini -> [Ver = | Size = 8629 bytes | Modified Date = 5/25/2007 9:55:44 PM | Attr = ]
eReg.dat -> %SystemRoot%\eReg.dat -> [Ver = | Size = 636 bytes | Modified Date = 5/7/2007 11:10:26 PM | Attr = ]
Filzip.ini -> %SystemRoot%\Filzip.ini -> [Ver = | Size = 41 bytes | Modified Date = 5/27/2007 4:18:10 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/5/2007 9:28:32 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/25/2007 10:21:26 PM | Attr = ]
hpoins01.dat -> %SystemRoot%\hpoins01.dat -> [Ver = | Size = 19558 bytes | Modified Date = 5/7/2007 7:02:44 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 5/10/2007 3:21:40 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/22/2007 2:05:52 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/25/2007 10:09:56 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/25/2007 9:55:40 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/27/2007 4:38:10 PM | Attr = ]
LogonStudio.ini -> %SystemRoot%\LogonStudio.ini -> [Ver = | Size = 24 bytes | Modified Date = 5/25/2007 9:49:56 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/23/2007 2:48:06 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/26/2007 4:28:50 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/27/2007 4:40:26 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/13/2007 9:30:26 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 5/10/2007 9:31:16 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1081435 bytes | Modified Date = 5/7/2007 6:15:02 PM | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 5/10/2007 7:54:24 PM | Attr = ]
SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [Ver = | Size = 883 bytes | Modified Date = 5/27/2007 4:26:50 PM | Attr = ]
solcache -> %SystemRoot%\solcache -> [Folder | Modified Date = 5/27/2007 4:23:28 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/27/2007 4:21:02 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/7/2007 7:06:02 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/27/2007 4:39:20 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 5/7/2007 7:04:46 PM | Attr = ]
wb.ini -> %SystemRoot%\wb.ini -> [Ver = | Size = 82 bytes | Modified Date = 5/25/2007 9:50:40 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 5/10/2007 7:54:28 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1178 bytes | Modified Date = 5/25/2007 10:14:08 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/5/2007 9:34:34 PM | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1178589906.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1178589906.job -> [Ver = | Size = 386 bytes | Modified Date = 5/7/2007 7:06:04 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/26/2007 10:29:28 PM | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 5/25/2007 10:14:50 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 8:46:10 AM | Attr = ]
AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Modified Date = 4/30/2007 8:35:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/27/2007 4:33:34 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 5/13/2007 9:30:52 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2617 bytes | Modified Date = 5/6/2007 2:13:36 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/25/2007 10:19:26 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/25/2007 6:49:56 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 5/16/2007 11:24:44 AM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 5/5/2007 11:55:36 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 264616 bytes | Modified Date = 5/5/2007 11:55:38 PM | Attr = ]
ijkmp.bak1 -> %System32%\ijkmp.bak1 -> [Ver = | Size = 1466609 bytes | Modified Date = 5/12/2007 6:02:42 PM | Attr = HS]
ijkmp.ini2 -> %System32%\ijkmp.ini2 -> [Ver = | Size = 1467667 bytes | Modified Date = 5/13/2007 9:29:10 AM | Attr = HS]
ijkmp.tmp -> %System32%\ijkmp.tmp -> [Ver = | Size = 1467117 bytes | Modified Date = 5/12/2007 6:52:22 PM | Attr = HS]
libeay32.dll -> %System32%\libeay32.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8e | Size = 1040384 bytes | Modified Date = 5/15/2007 7:10:14 AM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 5/25/2007 10:14:40 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 5/7/2007 6:09:36 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63188 bytes | Modified Date = 5/25/2007 10:21:44 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403968 bytes | Modified Date = 5/25/2007 10:21:44 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 474296 bytes | Modified Date = 5/25/2007 10:21:44 PM | Attr = ]
pmkji.dll -> %System32%\pmkji.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/12/2007 5:00:48 PM | Attr = HS]
Restore -> %System32%\Restore -> [Folder | Modified Date = 5/13/2007 9:28:56 AM | Attr = ]
ssleay32.dll -> %System32%\ssleay32.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8e | Size = 196608 bytes | Modified Date = 5/15/2007 7:10:04 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 5/10/2007 7:54:26 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 900 bytes | Modified Date = 5/9/2007 12:59:28 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 5/26/2007 10:29:10 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 5/13/2007 9:30:26 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 5/22/2007 12:39:06 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/25/2007 2:54:54 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 5/25/2007 2:52:34 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Modified Date = 4/30/2007 8:37:24 AM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Modified Date = 4/30/2007 8:41:56 AM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Modified Date = 4/30/2007 8:41:42 AM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Modified Date = 4/30/2007 8:39:42 AM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Modified Date = 4/30/2007 8:38:52 AM | Attr = ]
vidstub.sys -> %System32%\drivers\vidstub.sys -> [Ver = | Size = 163712 bytes | Modified Date = 5/17/2007 8:19:32 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 432 bytes | Modified Date = 5/26/2007 10:30:16 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 8:46:10 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/22/2001 10:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxapi.dll -> Eugene Gavrilov [Ver = 5.10.00.3537 - debug | Size = 96768 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxasio.dll -> Eugene Gavrilov [Ver = 5.10.00.3537 - debug | Size = 40960 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxctrl.exe -> Eugene Gavrilov [Ver = 5, 10, 00, 3537 - debug | Size = 16384 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxfxlib.kxl -> Eugene Gavrilov [Ver = 5.10.00.3537 - debug | Size = 122368 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxgui.dll -> Eugene Gavrilov [Ver = 5.10.00.3537 - debug | Size = 113152 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\kxsetup.exe -> Eugene Gavrilov [Ver = 5, 10, 00, 3537 - debug | Size = 25600 bytes | Modified Date = 2/16/2004 3:19:30 PM | Attr = ]
UPX! , -> %System32%\pmkji.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/12/2007 5:00:48 PM | Attr = HS]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/22/2001 10:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/22/2001 10:00:00 PM | Attr = ]

< End of report >

#4 wyrdmage
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:Brightwood, OR

Posted 27 May 2007 - 06:53 PM

I also ran a scan on my computer recently that told me I may have a keylogger. Does anyone have any recommendations to get rid of that?

#5 OldTimer
  • Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 28 May 2007 - 07:59 AM

Hi wyrdmage. I don't see any big problems in the log. Just a little cleanup to do.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} [HKLM] -> Reg Data - Key not found [Groove GFS Stub Execution Hook]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> NavLogon -> Reg Data - Value does not exist
YN -> WB -> %ProgramFiles%\Stardock\Object Desktop\ThemeManager\fastload.dll
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {36ECAF82-3300-8F84-092E-AFF36D6C7040} -> Reg Data - Value does not exist [ButtonText: Run WinHTTrack]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel ->
[Files/Folders - Created Within 30 days]
NY -> ijkmp.bak1 -> %System32%\ijkmp.bak1
NY -> ijkmp.ini2 -> %System32%\ijkmp.ini2
NY -> ijkmp.tmp -> %System32%\ijkmp.tmp
NY -> pmkji.dll -> %System32%\pmkji.dll
[Files/Folders - Modified Within 30 days]
NY -> ijkmp.bak1 -> %System32%\ijkmp.bak1
NY -> ijkmp.ini2 -> %System32%\ijkmp.ini2
NY -> ijkmp.tmp -> %System32%\ijkmp.tmp
NY -> pmkji.dll -> %System32%\pmkji.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , -> %System32%\pmkji.dll
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. When the fix is completed you will be asked to reboot. Choose Yes and let the system reboot.

After the reboot post the following back here:
  • a new WinPFind3U report
  • the latest .log file from the WinPFind3U folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
