Hijackthis - Problem Saving Logfile


11 replies to this topic

#1 kv77

Posted 26 May 2007 - 09:09 PM

Hi, my computer has been running very slow for the last few days, and every time I open a webpage, another webpage opens with ads. I have Windows XP Pro with McAfee VirusScan and ZoneAlarm firewall. Often VirusScan alerts, saying the computer is infected with the Vundo trojan and the file could not be moved. I ran Ad-Aware and Spybot, but it was no use.

Now I tried to run HijackThis to post the logfile. I saved the zip file to the C drive and unzipped it into C:\Program Files\HJT. I executed the exe and ran the scan. When I click on the Save log button, the application closes automatically and it does not save the log file. Can you please help me save the HijackThis log file so that I can post it here? I appreciate your help.


#2 OldTimer

    Malware Expert



Posted 27 May 2007 - 12:17 PM

Hello kv77 and welcome to the BC HijackThis forum. There are some Vundo infections that target HijackThis and either close it or hide its entries in the scan. Let's try a different scanner and see what it shows.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 kv77


Posted 28 May 2007 - 01:18 PM

Thank you OldTimer for your response. Here is the WinPFind3U log file:

WinPFind3 logfile created on: 5/28/2007 1:29:31 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

765.99 Mb Total Physical Memory | 222.53 Mb Available Physical Memory | 29.05% Memory free
1.08 Gb Paging File | 0.59 Gb Available in Paging File | 54.92% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 1.32 Gb Free Space | 6.88% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JXWFIT9X8W021
Current User Name: vkonchada
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
actionagent.exe -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
besclient.exe -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
cam.exe -> %ProgramFiles%\CA\Unicenter Asset Management\Agents\CAM.EXE -> Computer Associates International, Inc. [Ver = 3.11.26.10 | Size = 246312 bytes | Modified Date = 3/18/2004 6:10:08 AM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
delldmi.exe -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
dlt.exe -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
eventagt.exe -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 3:44:56 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
mmkeybd.exe -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
neoterissetupservice.exe -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
nhksrv.exe -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
nutsrv4.exe -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 40960 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
pnagent.exe -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
rovasrvc.exe -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
umcstub.exe -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
win32sl.exe -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ActionAgent) ActionAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
(AmoAgent) Asset Management Agent [Win32_Own | Auto | Running] -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
(BESClient) BES Client [Win32_Own | Auto | Running] -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
(DellDmi) DellDmi [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
(DEventAgent) DEventAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
(DLT) DLT [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(Neoteris Setup Service) Neoteris Setup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
(Nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
(NuTCRACKERService) NuTCRACKER Service [Win32_Own | Auto | Running] -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(ROVA_Srvc) ROVA Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(Win32Sl) Win32Sl [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
DellTouch -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
GUpload -> %AllUsersAppData%\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe -> [Ver = | Size = 122880 bytes | Modified Date = 8/22/2003 11:16:30 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 155648 bytes | Modified Date = 5/6/2004 4:52:10 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 12:59:48 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 4:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
NuTCSetupEnviron -> %SystemDrive%\Rational\Rational Test\nutcroot\bin\ncoeenv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 1/2/2001 5:25:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
NWEReboot -> -> File not found
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/25/2006 11:56:34 AM | Attr = ]
ROVATray -> %ProgramFiles%\ROVA\rovatray.exe -> Quintech, Inc. [Ver = 2.60.126.0 | Size = 143360 bytes | Modified Date = 2/9/2007 9:00:00 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
SoDA Startup -> %SystemDrive%\Rational\SoDAWord\wizards\SodaStartup.exe -> Rational Software Corp. [Ver = 6.00.0006 | Size = 114688 bytes | Modified Date = 10/15/2001 1:13:12 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:18 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 3:44:14 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\vkonchada\Start Menu\Programs\Startup
%UserStartup%\TA_Start.lnk -> %LocalSettings%\Temp\TICHD003.exe -> [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 5/19/2007 11:53:28 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} [HKLM] -> %System32%\awtqrqn.dll [] -> [Ver = | Size = 29206 bytes | Modified Date = 5/19/2007 11:43:06 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\services\tools\User_Update.vbs -> %SystemDrive%\Services\TOOLS\User_Update.vbs -> [Ver = | Size = 7595 bytes | Modified Date = 9/9/2003 11:07:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
awtqrqn -> %System32%\awtqrqn.dll -> [Ver = | Size = 29206 bytes | Modified Date = 5/19/2007 11:43:06 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3829 | Size = 344064 bytes | Modified Date = 5/6/2004 4:47:46 PM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
yabxu -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = HS]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> Merrill Lynch - %computername% ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disablecad -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LogonType -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisablePersonalDirChange -> 1 ->
< HOSTS File > (862 bytes) -> C:\windows\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
203.199.19.19 apps.ultimatix.org apps -> ->
203.199.19.1 apps1.ultimatix.org apps1 -> ->
203.199.19.2 apps2.ultimatix.org apps2 -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
ml_softscape.com [http] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
http [*] -> ->
localhost [*] -> ->
*.aost_ml.com [http] -> ->
*.corp_ml.com [http] -> ->
*.dats_ml.com [http] -> ->
*.ffsdev_ml.com [http] -> ->
*.mlpc.privnet.us_ml.com [http] -> ->
*.privnet.us_ml.com [*] -> ->
*.purchasing_ml.com [http] -> ->
*.qa_ml.com [*] -> ->
*.qa_ml.com [http] -> ->
*.somerset_ml.com [http] -> ->
*.tgadev.privnet.us_ml.com [http] -> ->
*.tgaqa.privnet.us_ml.com [http] -> ->
*.worldnet_ml.com [https] -> ->
aost_ml.com [*] -> ->
corp_ml.com [*] -> ->
dats_ml.com [*] -> ->
ffsdev_ml.com [*] -> ->
mlpc.privnet.us_ml.com [*] -> ->
purchasing_ml.com [*] -> ->
somerset_ml.com [*] -> ->
us_ml.com [*] -> ->
worldnet_ml.com [*] -> ->
www.worldnet_ml.com [http] -> ->
motive30 [*] -> ->
motive40 [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{12491CD1-EE75-4314-9687-29DC45347F77} [HKLM] -> %System32%\yabxu.dll [Reg Data - Value does not exist] -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = HS]
{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} [HKLM] -> %System32%\awtqrqn.dll [Reg Data - Value does not exist] -> [Ver = | Size = 29206 bytes | Modified Date = 5/19/2007 11:43:06 AM | Attr = ]
{4B646AFB-9341-4330-8FD1-C32485AEE619} [HKLM] -> %System32%\pdrgshfg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 50745 bytes | Modified Date = 5/25/2007 2:36:02 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:29:16 PM | Attr = ]
{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} [HKLM] -> %System32%\lihsgbji.dll [Reg Data - Value does not exist] -> [Ver = | Size = 124436 bytes | Modified Date = 5/27/2007 9:29:48 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{30137ADF-AF03-422A-922D-649757E1A03A} -> (Intel® PRO/1000 MT Network Connection) ->
{35D213E4-B51D-4257-A412-36942112209C} -> () ->
{AA5A72E0-4A74-45D6-A44D-56B4173B4F4A} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37440.cab ->
{9b935470-ad4a-11d5-b63e-00c04faedb18} -> Oracle JInitiator 1.1.8.16 - CodeBase = http://apps.ultimatix.org:8000/jinitiator/oajinit.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Created Date = 5/24/2007 5:16:08 PM | Attr = ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 5/20/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 5/20/2007 10:03:24 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 5/20/2007 10:03:14 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 5/20/2007 9:52:57 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 5/20/2007 9:56:35 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 5/20/2007 9:56:54 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 5/20/2007 10:01:06 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 5/20/2007 9:59:50 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 5/20/2007 9:51:32 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 5/20/2007 9:46:24 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 5/20/2007 9:56:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 5/20/2007 9:58:54 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 5/20/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 5/20/2007 9:57:14 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 5/20/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 5/20/2007 9:56:45 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 5/20/2007 10:01:19 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 5/20/2007 9:59:25 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 5/20/2007 9:57:27 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 5/20/2007 10:03:39 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 5/20/2007 9:58:40 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 5/20/2007 10:03:03 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 5/20/2007 9:53:09 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 5/20/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 5/20/2007 10:02:41 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 5/20/2007 9:57:02 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:12:56 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 5/20/2007 10:02:53 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/20/2007 9:56:06 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 5/10/2007 7:44:44 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/20/2007 10:00:10 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/29/2007 8:30:25 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/29/2007 8:20:52 PM | Attr = H ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 5/27/2007 6:03:16 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 5:20:57 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/28/2007 12:07:42 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/28/2007 12:07:42 AM | Attr = H ]
awtqrqn.dll -> %System32%\awtqrqn.dll -> [Ver = | Size = 29206 bytes | Created Date = 5/19/2007 10:43:05 AM | Attr = ]
guvaooov.ini -> %System32%\guvaooov.ini -> [Ver = | Size = 827843 bytes | Created Date = 5/22/2007 9:25:51 AM | Attr = HS]
lihsgbji.dll -> %System32%\lihsgbji.dll -> [Ver = | Size = 124436 bytes | Created Date = 5/27/2007 8:29:44 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 5/20/2007 12:29:59 PM | Attr = ]
oppqr.dll -> %System32%\oppqr.dll -> [Ver = | Size = 262708 bytes | Created Date = 5/19/2007 10:51:15 AM | Attr = HS]
pdrgshfg.dll -> %System32%\pdrgshfg.dll -> [Ver = | Size = 50745 bytes | Created Date = 5/25/2007 1:35:59 PM | Attr = ]
rqppo.ini -> %System32%\rqppo.ini -> [Ver = | Size = 353 bytes | Created Date = 5/19/2007 10:51:59 AM | Attr = HS]
SBO -> %System32%\SBO -> [Folder | Created Date = 5/19/2007 10:55:19 AM | Attr = ]
uxbay.bak1 -> %System32%\uxbay.bak1 -> [Ver = | Size = 1498278 bytes | Created Date = 5/19/2007 10:53:13 AM | Attr = HS]
uxbay.bak2 -> %System32%\uxbay.bak2 -> [Ver = | Size = 1556217 bytes | Created Date = 5/20/2007 11:42:53 AM | Attr = HS]
uxbay.ini -> %System32%\uxbay.ini -> [Ver = | Size = 1554889 bytes | Created Date = 5/26/2007 8:25:59 PM | Attr = HS]
uxbay.ini2 -> %System32%\uxbay.ini2 -> [Ver = | Size = 1503098 bytes | Created Date = 5/20/2007 10:11:45 PM | Attr = HS]
yabxu.dll -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Created Date = 5/19/2007 10:51:16 AM | Attr = HS]
yuyyjdex.ini -> %System32%\yuyyjdex.ini -> [Ver = | Size = 833462 bytes | Created Date = 5/20/2007 11:37:24 AM | Attr = HS]

[Files/Folders - Modified Within 30 days]
CLIENTWS -> %SystemDrive%\CLIENTWS -> [Folder | Modified Date = 5/28/2007 1:00:26 PM | Attr = ]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Modified Date = 5/26/2007 5:49:32 PM | Attr = ]
Mp3 -> %SystemDrive%\Mp3 -> [Folder | Modified Date = 5/26/2007 2:07:16 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/26/2007 9:38:44 PM | Attr = R ]
Ramana -> %SystemDrive%\Ramana -> [Folder | Modified Date = 5/27/2007 7:09:52 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/28/2007 12:51:30 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/28/2007 1:07:44 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:12:10 PM | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 5/20/2007 11:00:38 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 5/20/2007 11:03:26 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 5/20/2007 11:03:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 5/20/2007 10:52:58 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 5/20/2007 10:56:38 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 5/20/2007 10:56:56 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 5/20/2007 11:01:08 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 5/20/2007 10:59:52 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 5/20/2007 10:51:36 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 5/20/2007 10:46:28 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 5/20/2007 10:56:28 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 5/20/2007 10:58:56 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 5/20/2007 11:04:42 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 5/20/2007 10:57:16 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 5/20/2007 10:59:38 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 5/20/2007 11:01:22 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 5/20/2007 10:59:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 5/20/2007 10:57:30 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 5/20/2007 11:03:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 5/20/2007 10:58:42 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 5/20/2007 11:03:06 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 5/20/2007 10:53:12 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 5/20/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 5/20/2007 11:02:44 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 5/20/2007 10:57:04 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:12:58 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 5/20/2007 11:02:56 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/20/2007 10:56:08 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 5/10/2007 8:44:46 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/20/2007 11:00:14 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/29/2007 9:30:28 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/29/2007 9:20:54 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/26/2007 11:46:54 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/26/2007 11:32:42 AM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/20/2007 10:53:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/20/2007 11:04:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2007 6:54:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/28/2007 11:32:00 AM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/28/2007 12:52:34 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 5/27/2007 7:03:38 PM | Attr = ]
MMKEYBD.INI -> %SystemRoot%\MMKEYBD.INI -> [Ver = | Size = 29 bytes | Modified Date = 5/27/2007 12:31:02 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = ]
MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 30 bytes | Modified Date = 5/27/2007 12:31:02 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 5/27/2007 11:54:28 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Modified Date = 5/3/2007 6:20:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/28/2007 1:28:44 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/28/2007 1:07:44 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/28/2007 1:07:44 AM | Attr = H ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 5/28/2007 9:18:30 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/19/2007 11:36:22 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/28/2007 1:31:18 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/26/2007 10:40:32 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/28/2007 1:31:10 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/20/2007 10:58:44 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 380 bytes | Modified Date = 5/28/2007 9:00:12 AM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 382 bytes | Modified Date = 5/28/2007 11:00:24 AM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 382 bytes | Modified Date = 5/28/2007 1:00:26 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 382 bytes | Modified Date = 5/25/2007 3:00:58 PM | Attr = ]
defrag.job -> %SystemRoot%\tasks\defrag.job -> [Ver = | Size = 244 bytes | Modified Date = 5/28/2007 4:03:50 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/26/2007 11:46:54 PM | Attr = H ]
awtqrqn.dll -> %System32%\awtqrqn.dll -> [Ver = | Size = 29206 bytes | Modified Date = 5/19/2007 11:43:06 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/20/2007 10:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/27/2007 6:54:38 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/27/2007 7:03:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/28/2007 11:31:38 AM | Attr = ]
guvaooov.ini -> %System32%\guvaooov.ini -> [Ver = | Size = 827843 bytes | Modified Date = 5/22/2007 10:26:02 AM | Attr = HS]
lihsgbji.dll -> %System32%\lihsgbji.dll -> [Ver = | Size = 124436 bytes | Modified Date = 5/27/2007 9:29:48 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 5/28/2007 1:11:14 PM | Attr = ]
oppqr.dll -> %System32%\oppqr.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:20 AM | Attr = HS]
pdrgshfg.dll -> %System32%\pdrgshfg.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/25/2007 2:36:02 PM | Attr = ]
QuickTime.qtp -> %System32%\QuickTime.qtp -> [Ver = | Size = 50500 bytes | Modified Date = 5/17/2007 9:36:18 AM | Attr = ]
rqppo.ini -> %System32%\rqppo.ini -> [Ver = | Size = 353 bytes | Modified Date = 5/19/2007 11:52:02 AM | Attr = HS]
SBO -> %System32%\SBO -> [Folder | Modified Date = 5/19/2007 11:55:20 AM | Attr = ]
uxbay.bak1 -> %System32%\uxbay.bak1 -> [Ver = | Size = 1498278 bytes | Modified Date = 5/19/2007 11:53:16 AM | Attr = HS]
uxbay.bak2 -> %System32%\uxbay.bak2 -> [Ver = | Size = 1556217 bytes | Modified Date = 5/27/2007 9:29:08 PM | Attr = HS]
uxbay.ini -> %System32%\uxbay.ini -> [Ver = | Size = 1554889 bytes | Modified Date = 5/28/2007 1:31:36 PM | Attr = HS]
uxbay.ini2 -> %System32%\uxbay.ini2 -> [Ver = | Size = 1503098 bytes | Modified Date = 5/20/2007 11:49:12 PM | Attr = HS]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 5/26/2007 11:50:24 PM | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/26/2007 11:57:22 PM | Attr = ]
yabxu.dll -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = HS]
yuyyjdex.ini -> %System32%\yuyyjdex.ini -> [Ver = | Size = 833462 bytes | Modified Date = 5/21/2007 12:41:56 AM | Attr = HS]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/13/2007 5:49:30 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
PEC2 , -> %System32%\nutcom4.pdb -> [Ver = | Size = 197632 bytes | Modified Date = 1/2/2001 3:20:50 PM | Attr = ]
yourkey , -> %System32%\nutiface4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 184341 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutiface4.pdb -> [Ver = | Size = 656384 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.pdb -> [Ver = | Size = 1090560 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsys4.dll -> DataFocus, Inc. [Ver = 4.50.0100 | Size = 1017467 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
yourkey , -> %System32%\nutsys4.pdb -> [Ver = | Size = 3818496 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\oppqr.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:20 AM | Attr = HS]
UPX! , -> %System32%\pdrgshfg.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/25/2007 2:36:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.exe -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.scr -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#4 OldTimer

Posted 28 May 2007 - 03:33 PM

Hi kv77. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ->
< User Startup > -> C:\Documents and Settings\vkonchada\Start Menu\Programs\Startup
YY -> %UserStartup%\TA_Start.lnk -> %LocalSettings%\Temp\TICHD003.exe
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} [HKLM] -> %System32%\awtqrqn.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> awtqrqn -> %System32%\awtqrqn.dll
YY -> yabxu -> %System32%\yabxu.dll
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {12491CD1-EE75-4314-9687-29DC45347F77} [HKLM] -> %System32%\yabxu.dll [Reg Data - Value does not exist]
YY -> {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} [HKLM] -> %System32%\awtqrqn.dll [Reg Data - Value does not exist]
YY -> {4B646AFB-9341-4330-8FD1-C32485AEE619} [HKLM] -> %System32%\pdrgshfg.dll [Reg Data - Value does not exist]
YY -> {9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} [HKLM] -> %System32%\lihsgbji.dll [Reg Data - Value does not exist]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
[Files/Folders - Created Within 30 days]
NY -> awtqrqn.dll -> %System32%\awtqrqn.dll
NY -> guvaooov.ini -> %System32%\guvaooov.ini
NY -> lihsgbji.dll -> %System32%\lihsgbji.dll
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> oppqr.dll -> %System32%\oppqr.dll
NY -> pdrgshfg.dll -> %System32%\pdrgshfg.dll
NY -> uxbay.bak1 -> %System32%\uxbay.bak1
NY -> uxbay.bak2 -> %System32%\uxbay.bak2
NY -> uxbay.ini -> %System32%\uxbay.ini
NY -> uxbay.ini2 -> %System32%\uxbay.ini2
NY -> yabxu.dll -> %System32%\yabxu.dll
NY -> yuyyjdex.ini -> %System32%\yuyyjdex.ini
[Files/Folders - Modified Within 30 days]
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> awtqrqn.dll -> %System32%\awtqrqn.dll
NY -> guvaooov.ini -> %System32%\guvaooov.ini
NY -> lihsgbji.dll -> %System32%\lihsgbji.dll
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> oppqr.dll -> %System32%\oppqr.dll
NY -> pdrgshfg.dll -> %System32%\pdrgshfg.dll
NY -> rqppo.ini -> %System32%\rqppo.ini
NY -> uxbay.bak1 -> %System32%\uxbay.bak1
NY -> uxbay.bak2 -> %System32%\uxbay.bak2
NY -> uxbay.ini -> %System32%\uxbay.ini
NY -> uxbay.ini2 -> %System32%\uxbay.ini2
NY -> yabxu.dll -> %System32%\yabxu.dll
NY -> yuyyjdex.ini -> %System32%\yuyyjdex.ini
[File String Scan - Non-Microsoft Only]
NY -> PEC2 , PECompact2 , -> %System32%\oppqr.dll
NY -> UPX! , -> %System32%\pdrgshfg.dll
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • a new WinPFind3U report (this time also choose Non-Microsoft in the Driver Services group in addition to the standard scan options)
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 28 May 2007 - 03:34 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
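
Added example, not part of OldTimer's post and not WinPFind3U's own code: a small Python parser for the report format above that shows which report fields make entries such as oppqr.dll stand out (no vendor or version info, hidden+system attributes, a packer marker in the string scan). The indicator set and the two-indicator threshold are assumptions of this example, not OldTimer's stated criteria; the sample lines are copied from the report in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the WinPFind3U report posted in this thread (lines copied from the page).
REPORT = r"""
[Files/Folders - Created Within 30 days]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Created Date = 5/24/2007 5:16:08 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 5:20:57 PM | Attr = ]
awtqrqn.dll -> %System32%\awtqrqn.dll -> [Ver = | Size = 29206 bytes | Created Date = 5/19/2007 10:43:05 AM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 5/20/2007 12:29:59 PM | Attr = ]
oppqr.dll -> %System32%\oppqr.dll -> [Ver = | Size = 262708 bytes | Created Date = 5/19/2007 10:51:15 AM | Attr = HS]
pdrgshfg.dll -> %System32%\pdrgshfg.dll -> [Ver = | Size = 50745 bytes | Created Date = 5/25/2007 1:35:59 PM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Created Date = 5/19/2007 10:55:19 AM | Attr = ]
uxbay.ini -> %System32%\uxbay.ini -> [Ver = | Size = 1554889 bytes | Created Date = 5/26/2007 8:25:59 PM | Attr = HS]

[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\oppqr.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:20 AM | Attr = HS]
UPX! , -> %System32%\pdrgshfg.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/25/2007 2:36:02 PM | Attr = ]
"""

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
# label -> path -> optional vendor [pipe-separated metadata]
ENTRY = re.compile(
    r"^(?P<label>.+?) -> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[(?P<meta>[^\]]*)\]$"
)
# Assumption of this example: section markers left by the PECompact and UPX packers.
PACKER_MARKERS = {"PEC2", "PECompact2", "UPX!", "UPX0"}
EXECUTABLE_EXT = (".dll", ".exe", ".sys", ".scr")


def parse_meta(meta):
    """Turn 'Ver = | Size = 1 bytes | Attr = HS' into a dict; bare words map to True."""
    fields = {}
    for part in meta.split("|"):
        key, sep, value = part.partition("=")
        fields[key.strip()] = value.strip() if sep else True
    return fields


def parse_report(text):
    """Return one dict per entry line, tagged with the section it appeared in."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({
                "section": section,
                "label": m.group("label").strip(),
                "path": m.group("path").strip(),
                "vendor": m.group("vendor").strip(),
                "meta": parse_meta(m.group("meta")),
            })
    return entries


def triage(text, threshold=2):
    """Map lower-cased path -> reasons, keeping files with >= threshold indicators."""
    reasons = defaultdict(list)
    for e in parse_report(text):
        if "Folder" in e["meta"]:
            continue  # this example scores files only
        key = e["path"].lower()
        unversioned = not e["vendor"] and not e["meta"].get("Ver")
        if e["section"].startswith("Files/Folders - Created"):
            if re.fullmatch(r"%system32%\\[^\\]+", key):
                reasons[key].append("created directly in %System32% within 30 days")
            if unversioned and key.endswith(EXECUTABLE_EXT):
                reasons[key].append("executable without vendor or version info")
            attr = e["meta"].get("Attr", "")
            if "H" in attr and "S" in attr:
                reasons[key].append("hidden+system attributes")
        elif e["section"].startswith("File String Scan"):
            hits = {t.strip() for t in e["label"].split(",")} & PACKER_MARKERS
            if hits:
                reasons[key].append("packer marker: " + ", ".join(sorted(hits)))
    return {path: why for path, why in reasons.items() if len(why) >= threshold}


if __name__ == "__main__":
    for path, why in sorted(triage(REPORT).items()):
        print(path)
        for reason in why:
            print("   -", reason)
```

DivX.dll carries the same PECompact marker as oppqr.dll but has vendor and version data and is not a recent System32 arrival, so a single indicator alone does not flag it.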


#5 kv77

Posted 29 May 2007 - 10:19 PM

Hi OT,

I have followed all of the above steps. After completing Step #2, I got a popup saying 'mcshield.exe has encountered a problem and needs to close. We are sorry for the inconvenience'. After clicking on the OK button, I got another message saying 'Fix complete and Reboot'. But the reboot was not done automatically. I switched the PC off and on and completed Step #3.

Below are the reports.

WinPFind3 logfile created on: 5/29/2007 5:21:37 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

765.99 Mb Total Physical Memory | 362.67 Mb Available Physical Memory | 47.35% Memory free
1.08 Gb Paging File | 0.73 Gb Available in Paging File | 67.77% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 1.47 Gb Free Space | 7.69% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JXWFIT9X8W021
Current User Name: vkonchada
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
actionagent.exe -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
besclient.exe -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
cam.exe -> %ProgramFiles%\CA\Unicenter Asset Management\Agents\CAM.EXE -> Computer Associates International, Inc. [Ver = 3.11.26.10 | Size = 246312 bytes | Modified Date = 3/18/2004 6:10:08 AM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
delldmi.exe -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
dlt.exe -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
eventagt.exe -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 3:44:56 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
mmkeybd.exe -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
neoterissetupservice.exe -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
nhksrv.exe -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
nutsrv4.exe -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 40960 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
pnagent.exe -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
rovasrvc.exe -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
ssonsvr.exe -> %ProgramFiles%\Citrix\PNAgent\ssonsvr.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 24848 bytes | Modified Date = 4/4/2005 2:38:10 AM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
umcstub.exe -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
win32sl.exe -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ActionAgent) ActionAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
(AmoAgent) Asset Management Agent [Win32_Own | Auto | Running] -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(BESClient) BES Client [Win32_Own | Auto | Running] -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
(DellDmi) DellDmi [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
(DEventAgent) DEventAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
(DLT) DLT [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(Neoteris Setup Service) Neoteris Setup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
(Nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
(NuTCRACKERService) NuTCRACKER Service [Win32_Own | Auto | Running] -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(ROVA_Srvc) ROVA Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(Win32Sl) Win32Sl [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 8:20:04 AM | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 2:15:00 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr = ]
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(atirage3) atirage3 [Kernel | On_Demand | Stopped] -> %System32%\drivers\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Modified Date = 8/17/2001 12:49:00 PM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/28/2006 10:13:34 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 12:03:16 PM | Attr = ]
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.73.0.0 built by: WinDDK | Size = 186112 bytes | Modified Date = 5/29/2004 6:41:54 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(cdrbsvsd) cdrbsvsd [Kernel | System | Running] -> %System32%\drivers\cdrbsvsd.sys -> B.H.A Corporation [Ver = 7. 0. 0. 5 | Size = 13566 bytes | Modified Date = 12/3/2003 5:44:58 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(cwbmidi_device) Crystal WDM MPU-401 UART Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\cwbmidi.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Modified Date = 8/17/2001 12:19:26 PM | Attr = ]
(cwbwdm_device) Crystal WDM Audio Codec Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\cwbwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72832 bytes | Modified Date = 8/17/2001 12:19:28 PM | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(dsNcAdpt) Juniper Network Connect Adapter [Kernel | On_Demand | Running] -> %System32%\drivers\dsNcAdpt.sys -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 23552 bytes | Modified Date = 9/25/2006 5:47:50 PM | Attr = ]
(E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 6.2.21.15 built by: WinDDK | Size = 99840 bytes | Modified Date = 9/1/2002 6:38:40 AM | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 8:12:10 AM | Attr = ]
(EL90Xbc) 3Com 3C90X-BC Family PCI EtherLink Adapter [Kernel | On_Demand | Stopped] -> %System32%\drivers\el90Xbc5.SYS -> 3Com Corporation [Ver = 4.08.00.0000 | Size = 69555 bytes | Modified Date = 8/22/2001 6:54:58 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> %System32%\drivers\hpt3xx.sys -> HighPoint Technologies, Inc. [Ver = Revision v1.0.5 (XPClient.010817-1148) | Size = 38144 bytes | Modified Date = 8/17/2001 1:52:24 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3829 | Size = 711005 bytes | Modified Date = 5/6/2004 5:14:28 PM | Attr = ]
(IdeBusDr) IdeBusDr [Kernel | Boot | Running] -> %System32%\drivers\IdeBusDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 13891 bytes | Modified Date = 10/15/2002 1:00:00 AM | Attr = ]
(IdeChnDr) Intel® Ultra ATA Controller [Kernel | Boot | Running] -> %System32%\drivers\IdeChnDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 101431 bytes | Modified Date = 10/15/2002 1:00:00 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(KLOGNT) KLOGNT [Kernel | On_Demand | Running] -> %System32%\drivers\klognt.sys -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 24588 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/3/2004 10:41:36 PM | Attr = ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 10:31:28 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Msikbd2k) DellTouch [Kernel | On_Demand | Running] -> %System32%\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.03 | Size = 6942 bytes | Modified Date = 10/3/2000 4:18:24 PM | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %System32%\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 1/14/2005 8:00:00 PM | Attr = ]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %System32%\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.301 | Size = 58464 bytes | Modified Date = 2/10/2005 9:00:00 PM | Attr = ]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr = ]
(NsTrcNT) NsTrcNT [Kernel | Auto | Running] -> %System32%\drivers\nstrcnt.sys -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 12060 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 1550043 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(omci) omci [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 10:42:58 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 3:45:48 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 11/17/2005 12:19:30 PM | Attr = ]
(QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvcm.sys -> [Ver = | Size = 1317152 bytes | Modified Date = 5/27/2005 10:32:52 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 8/5/2002 10:23:58 AM | Attr = ]
(sonypvs1) Sony Digital Imaging Video2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Modified Date = 10/15/2002 10:41:06 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 63, 0 | Size = 29680 bytes | Modified Date = 8/3/2006 1:53:32 AM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | Auto | Running] -> %System32%\drivers\SynTP.sys -> [Ver = | Size = 243024 bytes | Modified Date = 10/26/2001 3:29:06 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 9:48:14 AM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Modified Date = 8/23/2006 11:38:36 PM | Attr = ]
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 2/20/2006 11:59:28 AM | Attr = R ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 11:40:54 AM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 11:40:46 AM | Attr = ]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %System32%\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.277 | Size = 8320 bytes | Modified Date = 1/14/2005 8:00:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
DellTouch -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
GUpload -> %AllUsersAppData%\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe -> [Ver = | Size = 122880 bytes | Modified Date = 8/22/2003 11:16:30 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 155648 bytes | Modified Date = 5/6/2004 4:52:10 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 12:59:48 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 4:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
NuTCSetupEnviron -> %SystemDrive%\Rational\Rational Test\nutcroot\bin\ncoeenv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 1/2/2001 5:25:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
NWEReboot -> -> File not found
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/25/2006 11:56:34 AM | Attr = ]
ROVATray -> %ProgramFiles%\ROVA\rovatray.exe -> Quintech, Inc. [Ver = 2.60.126.0 | Size = 143360 bytes | Modified Date = 2/9/2007 9:00:00 AM | Attr = ]
setup -> %System32%\vihriclk.dll [rundll32.exe "C:\windows\system32\vihriclk.dll",realset] -> [Ver = | Size = 132660 bytes | Modified Date = 5/29/2007 1:01:06 PM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
SoDA Startup -> %SystemDrive%\Rational\SoDAWord\wizards\SodaStartup.exe -> Rational Software Corp. [Ver = 6.00.0006 | Size = 114688 bytes | Modified Date = 10/15/2001 1:13:12 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:18 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 3:44:14 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\services\tools\User_Update.vbs -> %SystemDrive%\Services\TOOLS\User_Update.vbs -> [Ver = | Size = 7595 bytes | Modified Date = 9/9/2003 11:07:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3829 | Size = 344064 bytes | Modified Date = 5/6/2004 4:47:46 PM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
yabxu -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> Merrill Lynch - %computername% ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disablecad -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LogonType -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisablePersonalDirChange -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (862 bytes) -> C:\windows\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
203.199.19.19 apps.ultimatix.org apps -> ->
203.199.19.1 apps1.ultimatix.org apps1 -> ->
203.199.19.2 apps2.ultimatix.org apps2 -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
ml_softscape.com [http] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
http [*] -> ->
localhost [*] -> ->
*.aost_ml.com [http] -> ->
*.corp_ml.com [http] -> ->
*.dats_ml.com [http] -> ->
*.ffsdev_ml.com [http] -> ->
*.mlpc.privnet.us_ml.com [http] -> ->
*.privnet.us_ml.com [*] -> ->
*.purchasing_ml.com [http] -> ->
*.qa_ml.com [*] -> ->
*.qa_ml.com [http] -> ->
*.somerset_ml.com [http] -> ->
*.tgadev.privnet.us_ml.com [http] -> ->
*.tgaqa.privnet.us_ml.com [http] -> ->
*.worldnet_ml.com [https] -> ->
aost_ml.com [*] -> ->
corp_ml.com [*] -> ->
dats_ml.com [*] -> ->
ffsdev_ml.com [*] -> ->
mlpc.privnet.us_ml.com [*] -> ->
purchasing_ml.com [*] -> ->
somerset_ml.com [*] -> ->
us_ml.com [*] -> ->
worldnet_ml.com [*] -> ->
www.worldnet_ml.com [http] -> ->
motive30 [*] -> ->
motive40 [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{1A55B01E-0667-4EF9-8C32-58268F438CA3} [HKLM] -> %System32%\yabxu.dll [Reg Data - Value does not exist] -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = ]
{4B646AFB-9341-4330-8FD1-C32485AEE619} [HKLM] -> %System32%\ilbraioi.dll [Reg Data - Value does not exist] -> [Ver = | Size = 50745 bytes | Modified Date = 5/29/2007 1:55:30 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} [HKLM] -> %System32%\lihsgbji.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{30137ADF-AF03-422A-922D-649757E1A03A} -> (Intel® PRO/1000 MT Network Connection) ->
{35D213E4-B51D-4257-A412-36942112209C} -> () ->
{AA5A72E0-4A74-45D6-A44D-56B4173B4F4A} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37440.cab ->
{9b935470-ad4a-11d5-b63e-00c04faedb18} -> Oracle JInitiator 1.1.8.16 - CodeBase = http://apps.ultimatix.org:8000/jinitiator/oajinit.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Created Date = 5/24/2007 5:16:08 PM | Attr = ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 5/20/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 5/20/2007 10:03:24 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 5/20/2007 10:03:14 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 5/20/2007 9:52:57 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 5/20/2007 9:56:35 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 5/20/2007 9:56:54 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 5/20/2007 10:01:06 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 5/20/2007 9:59:50 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 5/20/2007 9:51:32 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 5/20/2007 9:46:24 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 5/20/2007 9:56:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 5/20/2007 9:58:54 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 5/20/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 5/20/2007 9:57:14 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 5/20/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 5/20/2007 9:56:45 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 5/20/2007 10:01:19 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 5/20/2007 9:59:25 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 5/20/2007 9:57:27 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 5/20/2007 10:03:39 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 5/20/2007 9:58:40 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 5/20/2007 10:03:03 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 5/20/2007 9:53:09 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 5/20/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 5/20/2007 10:02:41 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 5/20/2007 9:57:02 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:12:56 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 5/20/2007 10:02:53 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/20/2007 9:56:06 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 5/10/2007 7:44:44 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/20/2007 10:00:10 PM | Attr = H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 5:20:57 PM | Attr = ]
ddfmvgrs.dll -> %System32%\ddfmvgrs.dll -> [Ver = | Size = 76412 bytes | Created Date = 5/28/2007 11:04:27 PM | Attr = ]
dkxycrmr.ini -> %System32%\dkxycrmr.ini -> [Ver = | Size = 1083898 bytes | Created Date = 5/29/2007 12:53:00 AM | Attr = HS]
ilbraioi.dll -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Created Date = 5/29/2007 12:55:29 AM | Attr = ]
klcirhiv.ini -> %System32%\klcirhiv.ini -> [Ver = | Size = 1102239 bytes | Created Date = 5/29/2007 12:01:05 PM | Attr = HS]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 28 bytes | Created Date = 5/28/2007 8:38:40 PM | Attr = ]
rmrcyxkd.dll -> %System32%\rmrcyxkd.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/29/2007 12:52:46 AM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Created Date = 5/19/2007 10:55:19 AM | Attr = ]
uxbay.bak2 -> %System32%\uxbay.bak2 -> [Ver = | Size = 1543355 bytes | Created Date = 5/29/2007 12:52:46 AM | Attr = HS]
uxbay.ini -> %System32%\uxbay.ini -> [Ver = | Size = 1548810 bytes | Created Date = 5/29/2007 11:54:59 AM | Attr = HS]
vihriclk.dll -> %System32%\vihriclk.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/29/2007 12:01:04 PM | Attr = ]
yabxu.dll -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Created Date = 5/19/2007 10:51:16 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/28/2007 11:16:36 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
CLIENTWS -> %SystemDrive%\CLIENTWS -> [Folder | Modified Date = 5/29/2007 4:01:12 PM | Attr = ]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Modified Date = 5/26/2007 5:49:32 PM | Attr = ]
Mp3 -> %SystemDrive%\Mp3 -> [Folder | Modified Date = 5/26/2007 2:07:16 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/29/2007 12:16:06 AM | Attr = R ]
Ramana -> %SystemDrive%\Ramana -> [Folder | Modified Date = 5/29/2007 1:38:12 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/29/2007 12:57:28 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/29/2007 12:57:12 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:12:10 PM | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 5/20/2007 11:00:38 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 5/20/2007 11:03:26 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 5/20/2007 11:03:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 5/20/2007 10:52:58 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 5/20/2007 10:56:38 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 5/20/2007 10:56:56 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 5/20/2007 11:01:08 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 5/20/2007 10:59:52 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 5/20/2007 10:51:36 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 5/20/2007 10:46:28 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 5/20/2007 10:56:28 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 5/20/2007 10:58:56 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 5/20/2007 11:04:42 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 5/20/2007 10:57:16 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 5/20/2007 10:59:38 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 5/20/2007 11:01:22 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 5/20/2007 10:59:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 5/20/2007 10:57:30 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 5/20/2007 11:03:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 5/20/2007 10:58:42 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 5/20/2007 11:03:06 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 5/20/2007 10:53:12 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 5/20/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 5/20/2007 11:02:44 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 5/20/2007 10:57:04 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:12:58 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 5/20/2007 11:02:56 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/20/2007 10:56:08 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 5/10/2007 8:44:46 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/20/2007 11:00:14 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/29/2007 12:51:20 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/29/2007 1:42:12 AM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/20/2007 10:53:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/20/2007 11:04:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2007 6:54:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/29/2007 4:01:08 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/29/2007 5:00:36 PM | Attr = ]
MMKEYBD.INI -> %SystemRoot%\MMKEYBD.INI -> [Ver = | Size = 29 bytes | Modified Date = 5/29/2007 12:55:38 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = ]
MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 30 bytes | Modified Date = 5/29/2007 12:55:36 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 5/27/2007 11:54:28 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Modified Date = 5/3/2007 6:20:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/29/2007 12:57:00 PM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 5/29/2007 3:31:28 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/19/2007 11:36:22 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/29/2007 5:21:44 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/29/2007 12:38:26 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/29/2007 5:15:14 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/20/2007 10:58:44 PM | Attr = ]
defrag.job -> %SystemRoot%\tasks\defrag.job -> [Ver = | Size = 244 bytes | Modified Date = 5/29/2007 4:02:52 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/29/2007 12:51:22 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/20/2007 10:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/27/2007 6:54:38 PM | Attr = ]
ddfmvgrs.dll -> %System32%\ddfmvgrs.dll -> [Ver = | Size = 76412 bytes | Modified Date = 5/29/2007 12:04:30 AM | Attr = ]
dkxycrmr.ini -> %System32%\dkxycrmr.ini -> [Ver = | Size = 1083898 bytes | Modified Date = 5/29/2007 12:59:40 PM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/27/2007 7:03:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/29/2007 4:01:02 PM | Attr = ]
ilbraioi.dll -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/29/2007 1:55:30 AM | Attr = ]
klcirhiv.ini -> %System32%\klcirhiv.ini -> [Ver = | Size = 1102239 bytes | Modified Date = 5/29/2007 1:01:42 PM | Attr = HS]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 28 bytes | Modified Date = 5/29/2007 12:05:02 AM | Attr = ]
QuickTime.qtp -> %System32%\QuickTime.qtp -> [Ver = | Size = 50500 bytes | Modified Date = 5/17/2007 9:36:18 AM | Attr = ]
rmrcyxkd.dll -> %System32%\rmrcyxkd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/29/2007 1:52:50 AM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Modified Date = 5/19/2007 11:55:20 AM | Attr = ]
uxbay.bak2 -> %System32%\uxbay.bak2 -> [Ver = | Size = 1543355 bytes | Modified Date = 5/29/2007 12:55:38 PM | Attr = HS]
uxbay.ini -> %System32%\uxbay.ini -> [Ver = | Size = 1548810 bytes | Modified Date = 5/29/2007 5:21:44 PM | Attr = HS]
vihriclk.dll -> %System32%\vihriclk.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/29/2007 1:01:06 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 5/29/2007 12:57:58 PM | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/29/2007 12:54:56 PM | Attr = ]
yabxu.dll -> %System32%\yabxu.dll -> [Ver = | Size = 262708 bytes | Modified Date = 5/19/2007 11:51:22 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/13/2007 5:49:30 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\ddfmvgrs.dll -> [Ver = | Size = 76412 bytes | Modified Date = 5/29/2007 12:04:30 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
UPX! , -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/29/2007 1:55:30 AM | Attr = ]
PEC2 , -> %System32%\nutcom4.pdb -> [Ver = | Size = 197632 bytes | Modified Date = 1/2/2001 3:20:50 PM | Attr = ]
yourkey , -> %System32%\nutiface4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 184341 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutiface4.pdb -> [Ver = | Size = 656384 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.pdb -> [Ver = | Size = 1090560 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsys4.dll -> DataFocus, Inc. [Ver = 4.50.0100 | Size = 1017467 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
yourkey , -> %System32%\nutsys4.pdb -> [Ver = | Size = 3818496 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
UPX! , -> %System32%\rmrcyxkd.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/29/2007 1:52:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.exe -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.scr -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
UPX! , -> %System32%\vihriclk.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/29/2007 1:01:06 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

---------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:37:05 AM 5/29/2007

+ Scan result:

C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP618\A0181214.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP621\A0184106.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP623\A0186544.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\MovedFiles\windows\SYSTEM32\awtqrqn.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[1868] C:\windows\system32\yabxu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[232] C:\windows\system32\yabxu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\MovedFiles\Documents and Settings\vkonchada\Local Settings\Temp\TICHD003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP617\A0178212.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP618\A0181204.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP619\A0181514.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP620\A0182848.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP621\A0184107.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP622\A0184290.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BEA236ED-44E7-40A6-A3D9-6B9CDF5ACFF5}\RP623\A0186540.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.347:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.382:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.412:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@webmd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.24:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.37:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.106:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.40:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.142:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.143:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.144:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.151:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.152:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.153:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.154:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.199:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.642:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.643:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.644:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.236:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.250:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.251:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.450:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.451:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.452:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.479:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.480:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.481:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.447:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.448:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.449:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.678:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.405:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.411:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.425:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.426:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.427:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.428:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.176:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.177:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@news.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.35:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.36:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.513:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.514:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.515:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.516:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.333:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.743:C:\Documents and Settings\vkonchada\Application Data\Mozilla\Firefox\Profiles\9tjbyffq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\vkonchada\Cookies\vkonchada@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

---------------

WinPFind3u log file:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\vkonchada\Local Settings\Temp\TICHD003.exe moved successfully.
C:\Documents and Settings\vkonchada\Start Menu\Programs\Startup\TA_Start.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} deleted successfully.
LoadLibrary failed for C:\windows\SYSTEM32\awtqrqn.dll
C:\windows\SYSTEM32\awtqrqn.dll NOT unregistered.
File move failed. C:\windows\SYSTEM32\awtqrqn.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqrqn deleted successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\awtqrqn.dll
C:\windows\SYSTEM32\awtqrqn.dll NOT unregistered.
C:\windows\SYSTEM32\awtqrqn.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yabxu deleted successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\yabxu.dll
C:\windows\SYSTEM32\yabxu.dll NOT unregistered.
File move failed. C:\windows\SYSTEM32\yabxu.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12491CD1-EE75-4314-9687-29DC45347F77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12491CD1-EE75-4314-9687-29DC45347F77} deleted successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\yabxu.dll
C:\windows\SYSTEM32\yabxu.dll NOT unregistered.
File move failed. C:\windows\SYSTEM32\yabxu.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} deleted successfully.
File C:\windows\SYSTEM32\awtqrqn.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B646AFB-9341-4330-8FD1-C32485AEE619} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619} deleted successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\pdrgshfg.dll
C:\windows\SYSTEM32\pdrgshfg.dll NOT unregistered.
C:\windows\SYSTEM32\pdrgshfg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} deleted successfully.
C:\windows\SYSTEM32\lihsgbji.dll unregistered successfully.
C:\windows\SYSTEM32\lihsgbji.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\windows\SYSTEM32\awtqrqn.dll not found!
C:\windows\SYSTEM32\guvaooov.ini moved successfully.
File C:\windows\SYSTEM32\lihsgbji.dll not found!
C:\windows\SYSTEM32\mcrh.tmp moved successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\oppqr.dll
C:\windows\SYSTEM32\oppqr.dll NOT unregistered.
C:\windows\SYSTEM32\oppqr.dll moved successfully.
File C:\windows\SYSTEM32\pdrgshfg.dll not found!
C:\windows\SYSTEM32\uxbay.bak1 moved successfully.
C:\windows\SYSTEM32\uxbay.bak2 moved successfully.
C:\windows\SYSTEM32\uxbay.ini moved successfully.
C:\windows\SYSTEM32\uxbay.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\yabxu.dll
C:\windows\SYSTEM32\yabxu.dll NOT unregistered.
File move failed. C:\windows\SYSTEM32\yabxu.dll scheduled to be moved on reboot.
C:\windows\SYSTEM32\yuyyjdex.ini moved successfully.
[Files/Folders - Modified Within 30 days]
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
File C:\windows\SYSTEM32\awtqrqn.dll not found!
File C:\windows\SYSTEM32\guvaooov.ini not found!
File C:\windows\SYSTEM32\lihsgbji.dll not found!
File C:\windows\SYSTEM32\mcrh.tmp not found!
File C:\windows\SYSTEM32\oppqr.dll not found!
File C:\windows\SYSTEM32\pdrgshfg.dll not found!
C:\windows\SYSTEM32\rqppo.ini moved successfully.
File C:\windows\SYSTEM32\uxbay.bak1 not found!
File C:\windows\SYSTEM32\uxbay.bak2 not found!
File C:\windows\SYSTEM32\uxbay.ini not found!
File C:\windows\SYSTEM32\uxbay.ini2 not found!
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\yabxu.dll
C:\windows\SYSTEM32\yabxu.dll NOT unregistered.
File move failed. C:\windows\SYSTEM32\yabxu.dll scheduled to be moved on reboot.
File C:\windows\SYSTEM32\yuyyjdex.ini not found!
[File String Scan - Non-Microsoft Only]
File C:\windows\SYSTEM32\oppqr.dll not found!
File C:\windows\SYSTEM32\pdrgshfg.dll not found!
[Empty Temp Folders]
C:\DOCUME~1\VKONCH~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\vkonchada\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 05/29/2007 00:38:59

#6 OldTimer


Posted 30 May 2007 - 04:02 AM

Hi kv77. Looks like there is still a Vundo infection in there. Let's do the following.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer; click OK.
  • Please post the contents of C:\vundofix.txt and a new WinPFind3u log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

OK. Start WinPFind3u and perform a new scan (you can just use the default settings this time). Use the Add Reply button to post your new log file back here along with the log file from VundoFix (c:\vundofix.txt) and details of any problems you encountered performing the above steps, and I will review the information when it comes in.

OT

#7 kv77


Posted 30 May 2007 - 08:27 PM

Hi OT,

I have completed your instructions above. Please find the log files below.


VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 8:30:45 PM 5/30/2007

Listing files found while scanning....

C:\windows\system32\guqqfwxl.dll
C:\windows\system32\uxbay.bak2
C:\windows\system32\uxbay.ini
C:\windows\system32\yabxu.dll

Beginning removal...

Attempting to delete C:\windows\system32\uxbay.bak2
C:\windows\system32\uxbay.bak2 Has been deleted!

Attempting to delete C:\windows\system32\uxbay.ini
C:\windows\system32\uxbay.ini Has been deleted!

Attempting to delete C:\windows\system32\yabxu.dll
C:\windows\system32\yabxu.dll Has been deleted!

Performing Repairs to the registry.
Done!


----------------------

WinPFind3 logfile created on: 5/30/2007 9:05:02 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

765.99 Mb Total Physical Memory | 361.88 Mb Available Physical Memory | 47.24% Memory free
1.08 Gb Paging File | 0.71 Gb Available in Paging File | 65.74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 1.30 Gb Free Space | 6.82% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JXWFIT9X8W021
Current User Name: vkonchada
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
actionagent.exe -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
besclient.exe -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
delldmi.exe -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
dlt.exe -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
eventagt.exe -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 3:44:56 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
mcscript_inuse.exe -> %ProgramFiles%\Network Associates\Common Framework\McScript_InUse.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 249856 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
mmkeybd.exe -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
neoterissetupservice.exe -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
nhksrv.exe -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
nutsrv4.exe -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 40960 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
pnagent.exe -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
rovasrvc.exe -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
umcstub.exe -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
win32sl.exe -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ActionAgent) ActionAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
(AmoAgent) Asset Management Agent [Win32_Own | Auto | Running] -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(BESClient) BES Client [Win32_Own | Auto | Running] -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
(DellDmi) DellDmi [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
(DEventAgent) DEventAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
(DLT) DLT [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(Neoteris Setup Service) Neoteris Setup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
(Nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
(NuTCRACKERService) NuTCRACKER Service [Win32_Own | Auto | Running] -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(ROVA_Srvc) ROVA Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(Win32Sl) Win32Sl [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
DellTouch -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
GUpload -> %AllUsersAppData%\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe -> [Ver = | Size = 122880 bytes | Modified Date = 8/22/2003 11:16:30 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 155648 bytes | Modified Date = 5/6/2004 4:52:10 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 12:59:48 PM | Attr = ]
j9201036 -> %System32%\j9201036.dll [rundll32 C:\windows\system32\j9201036.dll sook] -> [Ver = | Size = 10752 bytes | Modified Date = 5/30/2007 12:58:18 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 4:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
NuTCSetupEnviron -> %SystemDrive%\Rational\Rational Test\nutcroot\bin\ncoeenv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 1/2/2001 5:25:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
NWEReboot -> -> File not found
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/25/2006 11:56:34 AM | Attr = ]
ROVATray -> %ProgramFiles%\ROVA\rovatray.exe -> Quintech, Inc. [Ver = 2.60.126.0 | Size = 143360 bytes | Modified Date = 2/9/2007 9:00:00 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
SoDA Startup -> %SystemDrive%\Rational\SoDAWord\wizards\SodaStartup.exe -> Rational Software Corp. [Ver = 6.00.0006 | Size = 114688 bytes | Modified Date = 10/15/2001 1:13:12 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:18 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 3:44:14 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\services\tools\User_Update.vbs -> %SystemDrive%\Services\TOOLS\User_Update.vbs -> [Ver = | Size = 7595 bytes | Modified Date = 9/9/2003 11:07:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3829 | Size = 344064 bytes | Modified Date = 5/6/2004 4:47:46 PM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> Merrill Lynch - %computername% ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disablecad -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LogonType -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisablePersonalDirChange -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (862 bytes) -> C:\windows\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
203.199.19.19 apps.ultimatix.org apps -> ->
203.199.19.1 apps1.ultimatix.org apps1 -> ->
203.199.19.2 apps2.ultimatix.org apps2 -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
ml_softscape.com [http] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
http [*] -> ->
localhost [*] -> ->
*.aost_ml.com [http] -> ->
*.corp_ml.com [http] -> ->
*.dats_ml.com [http] -> ->
*.ffsdev_ml.com [http] -> ->
*.mlpc.privnet.us_ml.com [http] -> ->
*.privnet.us_ml.com [*] -> ->
*.purchasing_ml.com [http] -> ->
*.qa_ml.com [*] -> ->
*.qa_ml.com [http] -> ->
*.somerset_ml.com [http] -> ->
*.tgadev.privnet.us_ml.com [http] -> ->
*.tgaqa.privnet.us_ml.com [http] -> ->
*.worldnet_ml.com [https] -> ->
aost_ml.com [*] -> ->
corp_ml.com [*] -> ->
dats_ml.com [*] -> ->
ffsdev_ml.com [*] -> ->
mlpc.privnet.us_ml.com [*] -> ->
purchasing_ml.com [*] -> ->
somerset_ml.com [*] -> ->
us_ml.com [*] -> ->
worldnet_ml.com [*] -> ->
www.worldnet_ml.com [http] -> ->
motive30 [*] -> ->
motive40 [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{48A89498-9E4E-4CED-A114-1C8260B9EADB} [HKLM] -> %System32%\yabxu.dll [Reg Data - Value does not exist] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} [HKLM] -> %System32%\lihsgbji.dll [Reg Data - Value does not exist] -> File not found
{CD3447D4-CA39-4377-8084-30E86331D74C} [HKLM] -> %System32%\yxyxmann.dll [Reg Data - Value does not exist] -> [Ver = | Size = 50740 bytes | Modified Date = 5/30/2007 1:01:18 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{30137ADF-AF03-422A-922D-649757E1A03A} -> (Intel® PRO/1000 MT Network Connection) ->
{35D213E4-B51D-4257-A412-36942112209C} -> () ->
{AA5A72E0-4A74-45D6-A44D-56B4173B4F4A} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37440.cab ->
{9b935470-ad4a-11d5-b63e-00c04faedb18} -> Oracle JInitiator 1.1.8.16 - CodeBase = http://apps.ultimatix.org:8000/jinitiator/oajinit.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Created Date = 5/24/2007 5:16:08 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/30/2007 7:30:45 PM | Attr = ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 5/20/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 5/20/2007 10:03:24 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 5/20/2007 10:03:14 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 5/20/2007 9:52:57 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 5/20/2007 9:56:35 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 5/20/2007 9:56:54 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 5/20/2007 10:01:06 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 5/20/2007 9:59:50 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 5/20/2007 9:51:32 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 5/20/2007 9:46:24 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 5/20/2007 9:56:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 5/20/2007 9:58:54 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 5/20/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 5/20/2007 9:57:14 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 5/20/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 5/20/2007 9:56:45 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 5/20/2007 10:01:19 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 5/20/2007 9:59:25 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 5/20/2007 9:57:27 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 5/20/2007 10:03:39 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 5/20/2007 9:58:40 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 5/20/2007 10:03:03 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 5/20/2007 9:53:09 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 5/20/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 5/20/2007 10:02:41 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 5/20/2007 9:57:02 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:12:56 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 5/20/2007 10:02:53 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/20/2007 9:56:06 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 5/10/2007 7:44:44 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/20/2007 10:00:10 PM | Attr = H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 5:20:57 PM | Attr = ]
dkxycrmr.ini -> %System32%\dkxycrmr.ini -> [Ver = | Size = 1083898 bytes | Created Date = 5/29/2007 12:53:00 AM | Attr = HS]
fltlrhvk.exe -> %System32%\fltlrhvk.exe -> [Ver = | Size = 14868 bytes | Created Date = 5/30/2007 11:58:15 AM | Attr = ]
ilbraioi.dll -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Created Date = 5/29/2007 12:55:29 AM | Attr = ]
j9201036.dll -> %System32%\j9201036.dll -> [Ver = | Size = 10752 bytes | Created Date = 5/30/2007 11:58:16 AM | Attr = ]
klcirhiv.ini -> %System32%\klcirhiv.ini -> [Ver = | Size = 1102239 bytes | Created Date = 5/29/2007 12:01:05 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 5/29/2007 9:27:21 PM | Attr = ]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 28 bytes | Created Date = 5/28/2007 8:38:40 PM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Created Date = 5/19/2007 10:55:19 AM | Attr = ]
yxyxmann.dll -> %System32%\yxyxmann.dll -> [Ver = | Size = 50740 bytes | Created Date = 5/30/2007 12:01:15 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/28/2007 11:16:36 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
CLIENTWS -> %SystemDrive%\CLIENTWS -> [Folder | Modified Date = 5/30/2007 4:01:18 PM | Attr = ]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Modified Date = 5/26/2007 5:49:32 PM | Attr = ]
Mp3 -> %SystemDrive%\Mp3 -> [Folder | Modified Date = 5/26/2007 2:07:16 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/29/2007 12:16:06 AM | Attr = R ]
Ramana -> %SystemDrive%\Ramana -> [Folder | Modified Date = 5/29/2007 1:38:12 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/30/2007 3:16:58 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/30/2007 8:49:28 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/30/2007 8:56:26 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:12:10 PM | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 5/20/2007 11:00:38 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 5/20/2007 11:03:26 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 5/20/2007 11:03:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 5/20/2007 10:52:58 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 5/20/2007 10:56:38 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 5/20/2007 10:56:56 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 5/20/2007 11:01:08 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 5/20/2007 10:59:52 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 5/20/2007 10:51:36 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 5/20/2007 10:46:28 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 5/20/2007 10:56:28 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 5/20/2007 10:58:56 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 5/20/2007 11:04:42 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 5/20/2007 10:57:16 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 5/20/2007 10:59:38 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 5/20/2007 11:01:22 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 5/20/2007 10:59:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 5/20/2007 10:57:30 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 5/20/2007 11:03:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 5/20/2007 10:58:42 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 5/20/2007 11:03:06 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 5/20/2007 10:53:12 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 5/20/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 5/20/2007 11:02:44 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 5/20/2007 10:57:04 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:12:58 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 5/20/2007 11:02:56 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/20/2007 10:56:08 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 5/10/2007 8:44:46 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/20/2007 11:00:14 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/30/2007 8:51:48 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/30/2007 8:52:04 PM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/20/2007 10:53:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/20/2007 11:04:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2007 6:54:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/30/2007 4:01:16 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/30/2007 9:03:12 PM | Attr = ]
MMKEYBD.INI -> %SystemRoot%\MMKEYBD.INI -> [Ver = | Size = 29 bytes | Modified Date = 5/30/2007 8:25:12 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = ]
MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 30 bytes | Modified Date = 5/30/2007 8:25:12 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 5/27/2007 11:54:28 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Modified Date = 5/3/2007 6:20:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/30/2007 8:49:28 PM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 5/30/2007 8:52:28 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/19/2007 11:36:22 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/30/2007 8:49:40 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/29/2007 12:38:26 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/30/2007 9:05:12 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/20/2007 10:58:44 PM | Attr = ]
defrag.job -> %SystemRoot%\tasks\defrag.job -> [Ver = | Size = 244 bytes | Modified Date = 5/30/2007 4:00:58 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/30/2007 8:51:48 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/20/2007 10:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/29/2007 6:44:56 PM | Attr = ]
dkxycrmr.ini -> %System32%\dkxycrmr.ini -> [Ver = | Size = 1083898 bytes | Modified Date = 5/29/2007 12:59:40 PM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/27/2007 7:03:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/30/2007 4:01:00 PM | Attr = ]
fltlrhvk.exe -> %System32%\fltlrhvk.exe -> [Ver = | Size = 14868 bytes | Modified Date = 5/30/2007 12:58:16 PM | Attr = ]
ilbraioi.dll -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/29/2007 1:55:30 AM | Attr = ]
j9201036.dll -> %System32%\j9201036.dll -> [Ver = | Size = 10752 bytes | Modified Date = 5/30/2007 12:58:18 PM | Attr = ]
klcirhiv.ini -> %System32%\klcirhiv.ini -> [Ver = | Size = 1102239 bytes | Modified Date = 5/29/2007 1:01:42 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 5/30/2007 8:21:54 PM | Attr = ]
msnav32.ax -> %System32%\msnav32.ax -> [Ver = | Size = 28 bytes | Modified Date = 5/29/2007 12:05:02 AM | Attr = ]
QuickTime.qtp -> %System32%\QuickTime.qtp -> [Ver = | Size = 50500 bytes | Modified Date = 5/17/2007 9:36:18 AM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Modified Date = 5/19/2007 11:55:20 AM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 5/30/2007 8:54:52 PM | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/30/2007 8:56:24 PM | Attr = ]
yxyxmann.dll -> %System32%\yxyxmann.dll -> [Ver = | Size = 50740 bytes | Modified Date = 5/30/2007 1:01:18 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/13/2007 5:49:30 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
UPX! , -> %System32%\ilbraioi.dll -> [Ver = | Size = 50745 bytes | Modified Date = 5/29/2007 1:55:30 AM | Attr = ]
PEC2 , -> %System32%\nutcom4.pdb -> [Ver = | Size = 197632 bytes | Modified Date = 1/2/2001 3:20:50 PM | Attr = ]
yourkey , -> %System32%\nutiface4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 184341 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutiface4.pdb -> [Ver = | Size = 656384 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.pdb -> [Ver = | Size = 1090560 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsys4.dll -> DataFocus, Inc. [Ver = 4.50.0100 | Size = 1017467 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
yourkey , -> %System32%\nutsys4.pdb -> [Ver = | Size = 3818496 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.exe -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.scr -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
UPX! , -> %System32%\yxyxmann.dll -> [Ver = | Size = 50740 bytes | Modified Date = 5/30/2007 1:01:18 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#8 OldTimer

Posted 31 May 2007 - 04:26 AM

Hi kv77. It's still in there. Sometimes it takes a couple of cleanings to remove it so let's go through it again.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> WRLogonNTF.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {48A89498-9E4E-4CED-A114-1C8260B9EADB} [HKLM] -> %System32%\yabxu.dll [Reg Data - Value does not exist]
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} [HKLM] -> %System32%\lihsgbji.dll [Reg Data - Value does not exist]
YY -> {CD3447D4-CA39-4377-8084-30E86331D74C} [HKLM] -> %System32%\yxyxmann.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> dkxycrmr.ini -> %System32%\dkxycrmr.ini
NY -> fltlrhvk.exe -> %System32%\fltlrhvk.exe
NY -> ilbraioi.dll -> %System32%\ilbraioi.dll
NY -> j9201036.dll -> %System32%\j9201036.dll
NY -> klcirhiv.ini -> %System32%\klcirhiv.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> msnav32.ax -> %System32%\msnav32.ax
NY -> yxyxmann.dll -> %System32%\yxyxmann.dll
[Files/Folders - Modified Within 30 days]
NY -> dkxycrmr.ini -> %System32%\dkxycrmr.ini
NY -> fltlrhvk.exe -> %System32%\fltlrhvk.exe
NY -> ilbraioi.dll -> %System32%\ilbraioi.dll
NY -> j9201036.dll -> %System32%\j9201036.dll
NY -> klcirhiv.ini -> %System32%\klcirhiv.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> msnav32.ax -> %System32%\msnav32.ax
NY -> yxyxmann.dll -> %System32%\yxyxmann.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , -> %System32%\ilbraioi.dll
NY -> UPX! , -> %System32%\yxyxmann.dll
[Start Explorer]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Close Notepad.

Now run the VundoFix program again.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the following back here:
  • the latest log file from VundoFix (c:\vundofix.txt)
  • the latest log file from WinPFind3u (the latest .log file in the WinPFind3u folder)
  • a new WinPFind3u scan report (this time in the Processes group select the All option, in the Win32 Services group select the All option and in the Driver Services group select the Non-Microsoft option).
I will review the information when it comes in.

Cheers.

OT


#9 kv77

Posted 31 May 2007 - 09:03 PM

Hi OT,

I have run VundoFix but no files found. And below are the log files for your review.


VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 8:57:39 PM 5/31/2007

Listing files found while scanning....

No infected files were found.

---------------------


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A89498-9E4E-4CED-A114-1C8260B9EADB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48A89498-9E4E-4CED-A114-1C8260B9EADB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EFD24A3-DA7D-4488-BBC0-7510D2CFF038} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C} deleted successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\yxyxmann.dll
C:\windows\SYSTEM32\yxyxmann.dll NOT unregistered.
C:\windows\SYSTEM32\yxyxmann.dll moved successfully.
[Files/Folders - Created Within 30 days]
C:\windows\SYSTEM32\dkxycrmr.ini moved successfully.
C:\windows\SYSTEM32\fltlrhvk.exe moved successfully.
DllUnregisterServer procedure not found in C:\windows\SYSTEM32\ilbraioi.dll
C:\windows\SYSTEM32\ilbraioi.dll NOT unregistered.
C:\windows\SYSTEM32\ilbraioi.dll moved successfully.
LoadLibrary failed for C:\windows\SYSTEM32\j9201036.dll
C:\windows\SYSTEM32\j9201036.dll NOT unregistered.
C:\windows\SYSTEM32\j9201036.dll moved successfully.
C:\windows\SYSTEM32\klcirhiv.ini moved successfully.
C:\windows\SYSTEM32\mcrh.tmp moved successfully.
File C:\windows\SYSTEM32\msnav32.ax not found!
File C:\windows\SYSTEM32\yxyxmann.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\windows\SYSTEM32\dkxycrmr.ini not found!
File C:\windows\SYSTEM32\fltlrhvk.exe not found!
File C:\windows\SYSTEM32\ilbraioi.dll not found!
File C:\windows\SYSTEM32\j9201036.dll not found!
File C:\windows\SYSTEM32\klcirhiv.ini not found!
File C:\windows\SYSTEM32\mcrh.tmp not found!
File C:\windows\SYSTEM32\msnav32.ax not found!
File C:\windows\SYSTEM32\yxyxmann.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\windows\SYSTEM32\ilbraioi.dll not found!
File C:\windows\SYSTEM32\yxyxmann.dll not found!
Explorer started successfully
< End of log >
Created on 05/31/2007 20:56:43


----------------------

WinPFind3 logfile created on: 5/31/2007 9:27:56 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\vkonchada\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

765.99 Mb Total Physical Memory | 253.31 Mb Available Physical Memory | 33.07% Memory free
1.08 Gb Paging File | 0.71 Gb Available in Paging File | 65.67% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 1.64 Gb Free Space | 8.57% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JXWFIT9X8W021
Current User Name: vkonchada
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 8:59:42 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 12:39:46 AM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21504 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 3:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 8:28:28 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 2:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 6:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 12:27:56 PM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Modified Date = 1/28/2005 2:44:28 PM | Attr = ]
-> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
-> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 4:17:02 PM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 11:35:06 PM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 7:53:32 PM | Attr = ]
nhksrv.exe -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
actionagent.exe -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
besclient.exe -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
delldmi.exe -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
eventagt.exe -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
dlt.exe -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
dsncservice.exe -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 40960 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
neoterissetupservice.exe -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
nutsrv4.exe -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
rovasrvc.exe -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 229376 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 2:16:48 PM | Attr = ]
wdfmgr.exe -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 2:44:28 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
win32sl.exe -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]
umcstub.exe -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
mmkeybd.exe -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 3:44:56 PM | Attr = ]
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:38 PM | Attr = ]
pnagent.exe -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
cam.exe -> %ProgramFiles%\CA\Unicenter Asset Management\Agents\CAM.EXE -> Computer Associates International, Inc. [Ver = 3.11.26.10 | Size = 246312 bytes | Modified Date = 3/18/2004 6:10:08 AM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - All]
(ActionAgent) ActionAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\ActionAgent.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 118784 bytes | Modified Date = 8/22/2001 10:45:26 AM | Attr = ]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(AmoAgent) Asset Management Agent [Win32_Own | Auto | Running] -> %SystemRoot%\UMCSTUB.EXE -> Computer Associates International, Inc. [Ver = 2.7 | Size = 136704 bytes | Modified Date = 11/21/2003 7:42:26 AM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> Microsoft Corporation [Ver = 1.1.4322.2032 | Size = 32768 bytes | Modified Date = 7/15/2004 2:49:26 AM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(BESClient) BES Client [Win32_Own | Auto | Running] -> %ProgramFiles%\BigFix Enterprise\BES Client\BESClient.exe -> BigFix Inc. [Ver = 5, 1, 1, 50 | Size = 1687552 bytes | Modified Date = 5/19/2005 12:42:12 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(DellDmi) DellDmi [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\DellDmi.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 217088 bytes | Modified Date = 8/22/2001 10:46:02 AM | Attr = ]
(DEventAgent) DEventAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\EventAgt.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 147456 bytes | Modified Date = 8/22/2001 10:45:36 AM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(DLT) DLT [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\DLT.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 131072 bytes | Modified Date = 8/22/2001 10:45:42 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(dsNcService) Juniper Network Connect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Juniper Networks\Common Files\dsNcService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 344064 bytes | Modified Date = 9/25/2006 5:48:10 PM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 155648 bytes | Modified Date = 8/22/2001 10:45:20 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 3:45:36 PM | Attr = ]
(Neoteris Setup Service) Neoteris Setup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Neoteris\Installer Service\NeoterisSetupService.exe -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 36864 bytes | Modified Date = 9/25/2006 3:28:50 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %SystemRoot%\Nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 2:41:48 PM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(NuTCRACKERService) NuTCRACKER Service [Win32_Own | Auto | Running] -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 1:28:22 PM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(ROVA_Srvc) ROVA Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ROVA Update\rovasrvc.exe -> Quintech, Inc. [Ver = 1.0.105.0 | Size = 83536 bytes | Modified Date = 11/9/2006 9:00:00 AM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 7:53:32 PM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 2:44:28 PM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(WebClient) WebClient [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Win32Sl) Win32Sl [Win32_Own | Auto | Running] -> %SystemDrive%\DMI\WIN32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 62 | Size = 249344 bytes | Modified Date = 6/18/2001 3:21:30 PM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(wscsvc) Security Center [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 8:20:04 AM | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 2:15:00 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr = ]
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(atirage3) atirage3 [Kernel | On_Demand | Stopped] -> %System32%\drivers\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Modified Date = 8/17/2001 12:49:00 PM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/28/2006 10:13:34 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 12:03:16 PM | Attr = ]
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.73.0.0 built by: WinDDK | Size = 186112 bytes | Modified Date = 5/29/2004 6:41:54 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(cdrbsvsd) cdrbsvsd [Kernel | System | Running] -> %System32%\drivers\cdrbsvsd.sys -> B.H.A Corporation [Ver = 7. 0. 0. 5 | Size = 13566 bytes | Modified Date = 12/3/2003 5:44:58 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(cwbmidi_device) Crystal WDM MPU-401 UART Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\cwbmidi.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Modified Date = 8/17/2001 12:19:26 PM | Attr = ]
(cwbwdm_device) Crystal WDM Audio Codec Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\cwbwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72832 bytes | Modified Date = 8/17/2001 12:19:28 PM | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(dsNcAdpt) Juniper Network Connect Adapter [Kernel | On_Demand | Running] -> %System32%\drivers\dsNcAdpt.sys -> Juniper Networks [Ver = 5, 2, 0, 11213 | Size = 23552 bytes | Modified Date = 9/25/2006 5:47:50 PM | Attr = ]
(E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 6.2.21.15 built by: WinDDK | Size = 99840 bytes | Modified Date = 9/1/2002 6:38:40 AM | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 8:12:10 AM | Attr = ]
(EL90Xbc) 3Com 3C90X-BC Family PCI EtherLink Adapter [Kernel | On_Demand | Stopped] -> %System32%\drivers\el90Xbc5.SYS -> 3Com Corporation [Ver = 4.08.00.0000 | Size = 69555 bytes | Modified Date = 8/22/2001 6:54:58 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> %System32%\drivers\hpt3xx.sys -> HighPoint Technologies, Inc. [Ver = Revision v1.0.5 (XPClient.010817-1148) | Size = 38144 bytes | Modified Date = 8/17/2001 1:52:24 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3829 | Size = 711005 bytes | Modified Date = 5/6/2004 5:14:28 PM | Attr = ]
(IdeBusDr) IdeBusDr [Kernel | Boot | Running] -> %System32%\drivers\IdeBusDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 13891 bytes | Modified Date = 10/15/2002 1:00:00 AM | Attr = ]
(IdeChnDr) Intel® Ultra ATA Controller [Kernel | Boot | Running] -> %System32%\drivers\IdeChnDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 101431 bytes | Modified Date = 10/15/2002 1:00:00 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(KLOGNT) KLOGNT [Kernel | On_Demand | Running] -> %System32%\drivers\klognt.sys -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 24588 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/3/2004 10:41:36 PM | Attr = ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 10:31:28 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Msikbd2k) DellTouch [Kernel | On_Demand | Running] -> %System32%\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.03 | Size = 6942 bytes | Modified Date = 10/3/2000 4:18:24 PM | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %System32%\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 1/14/2005 8:00:00 PM | Attr = ]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %System32%\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.301 | Size = 58464 bytes | Modified Date = 2/10/2005 9:00:00 PM | Attr = ]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr = ]
(NsTrcNT) NsTrcNT [Kernel | Auto | Running] -> %System32%\drivers\nstrcnt.sys -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 12060 bytes | Modified Date = 8/14/2002 5:06:04 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 1550043 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
(omci) omci [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 10:42:58 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 3:45:48 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 11/17/2005 12:19:30 PM | Attr = ]
(QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvcm.sys -> [Ver = | Size = 1317152 bytes | Modified Date = 5/27/2005 10:32:52 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 8/5/2002 10:23:58 AM | Attr = ]
(sonypvs1) Sony Digital Imaging Video2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Modified Date = 10/15/2002 10:41:06 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 63, 0 | Size = 29680 bytes | Modified Date = 8/3/2006 1:53:32 AM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | Auto | Running] -> %System32%\drivers\SynTP.sys -> [Ver = | Size = 243024 bytes | Modified Date = 10/26/2001 3:29:06 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 9:48:14 AM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Modified Date = 8/23/2006 11:38:36 PM | Attr = ]
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 2/20/2006 11:59:28 AM | Attr = R ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 11:40:54 AM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 11:40:46 AM | Attr = ]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %System32%\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.277 | Size = 8320 bytes | Modified Date = 1/14/2005 8:00:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 10:26:26 PM | Attr = ]
DellTouch -> %SystemRoot%\MMKeybd.exe -> Netropa Corp. [Ver = 2.0.0 | Size = 163840 bytes | Modified Date = 9/5/2001 2:28:40 PM | Attr = ]
GUpload -> %AllUsersAppData%\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe -> [Ver = | Size = 122880 bytes | Modified Date = 8/22/2003 11:16:30 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1162350337\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:16 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 118784 bytes | Modified Date = 5/6/2004 4:48:06 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3829 | Size = 155648 bytes | Modified Date = 5/6/2004 4:52:10 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 12:59:48 PM | Attr = ]
j9201036 -> %System32%\j9201036.DLL [rundll32 C:\windows\system32\j9201036.dll sook] -> File not found
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 4:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 4:14:44 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 6:32:18 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 131072 bytes | Modified Date = 12/7/2005 3:55:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
NuTCSetupEnviron -> %SystemDrive%\Rational\Rational Test\nutcroot\bin\ncoeenv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 1/2/2001 5:25:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
NWEReboot -> -> File not found
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/25/2006 11:56:34 AM | Attr = ]
ROVATray -> %ProgramFiles%\ROVA\rovatray.exe -> Quintech, Inc. [Ver = 2.60.126.0 | Size = 143360 bytes | Modified Date = 2/9/2007 9:00:00 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 8:00:00 PM | Attr = ]
SoDA Startup -> %SystemDrive%\Rational\SoDAWord\wizards\SodaStartup.exe -> Rational Software Corp. [Ver = 6.00.0006 | Size = 114688 bytes | Modified Date = 10/15/2001 1:13:12 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 401408 bytes | Modified Date = 10/26/2001 3:07:22 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.0.20 26Oct01 | Size = 110592 bytes | Modified Date = 10/26/2001 3:08:36 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 3/21/2006 11:38:26 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 8:24:18 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 3:44:14 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 3:16:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\PNAgent\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.00.32649 | Size = 233744 bytes | Modified Date = 4/4/2005 2:44:48 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\services\tools\User_Update.vbs -> %SystemDrive%\Services\TOOLS\User_Update.vbs -> [Ver = | Size = 7595 bytes | Modified Date = 9/9/2003 11:07:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3829 | Size = 344064 bytes | Modified Date = 5/6/2004 4:47:46 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> Merrill Lynch - %computername% ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disablecad -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LogonType -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisablePersonalDirChange -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (862 bytes) -> C:\windows\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
203.199.19.19 apps.ultimatix.org apps -> ->
203.199.19.1 apps1.ultimatix.org apps1 -> ->
203.199.19.2 apps2.ultimatix.org apps2 -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
ml_softscape.com [http] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
http [*] -> ->
localhost [*] -> ->
*.aost_ml.com [http] -> ->
*.corp_ml.com [http] -> ->
*.dats_ml.com [http] -> ->
*.ffsdev_ml.com [http] -> ->
*.mlpc.privnet.us_ml.com [http] -> ->
*.privnet.us_ml.com [*] -> ->
*.purchasing_ml.com [http] -> ->
*.qa_ml.com [*] -> ->
*.qa_ml.com [http] -> ->
*.somerset_ml.com [http] -> ->
*.tgadev.privnet.us_ml.com [http] -> ->
*.tgaqa.privnet.us_ml.com [http] -> ->
*.worldnet_ml.com [https] -> ->
aost_ml.com [*] -> ->
corp_ml.com [*] -> ->
dats_ml.com [*] -> ->
ffsdev_ml.com [*] -> ->
mlpc.privnet.us_ml.com [*] -> ->
purchasing_ml.com [*] -> ->
somerset_ml.com [*] -> ->
us_ml.com [*] -> ->
worldnet_ml.com [*] -> ->
www.worldnet_ml.com [http] -> ->
motive30 [*] -> ->
motive40 [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 6:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{30137ADF-AF03-422A-922D-649757E1A03A} -> (Intel® PRO/1000 MT Network Connection) ->
{35D213E4-B51D-4257-A412-36942112209C} -> () ->
{AA5A72E0-4A74-45D6-A44D-56B4173B4F4A} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\nutafun4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 127156 bytes | Modified Date = 1/2/2001 3:22:18 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37440.cab ->
{9b935470-ad4a-11d5-b63e-00c04faedb18} -> Oracle JInitiator 1.1.8.16 - CodeBase = http://apps.ultimatix.org:8000/jinitiator/oajinit.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Created Date = 5/24/2007 5:16:08 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/30/2007 7:30:45 PM | Attr = ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 5/20/2007 10:00:37 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 5/20/2007 10:03:24 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 5/20/2007 10:03:14 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 5/20/2007 9:52:57 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 5/20/2007 9:56:35 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 5/20/2007 9:56:54 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 5/20/2007 10:01:06 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 5/20/2007 9:59:50 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 5/20/2007 9:51:32 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 5/20/2007 9:46:24 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 5/20/2007 9:56:26 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 5/20/2007 9:58:54 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Created Date = 5/20/2007 10:04:40 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 5/20/2007 9:57:14 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 5/20/2007 9:59:36 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 5/20/2007 9:56:45 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 5/20/2007 10:01:19 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 5/20/2007 9:59:25 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 5/20/2007 9:57:27 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 5/20/2007 10:03:39 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 5/20/2007 9:58:40 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 5/20/2007 10:03:03 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 5/20/2007 9:53:09 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 5/20/2007 10:00:46 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 5/20/2007 10:02:41 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 5/20/2007 9:57:02 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:12:56 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 5/20/2007 10:02:53 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/20/2007 9:56:06 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 5/10/2007 7:44:44 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/20/2007 10:00:10 PM | Attr = H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/3/2007 5:20:57 PM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Created Date = 5/19/2007 10:55:19 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/28/2007 11:16:36 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
CLIENTWS -> %SystemDrive%\CLIENTWS -> [Folder | Modified Date = 5/31/2007 4:01:34 PM | Attr = ]
HijackThis -> %SystemDrive%\HijackThis -> [Folder | Modified Date = 5/26/2007 5:49:32 PM | Attr = ]
Mp3 -> %SystemDrive%\Mp3 -> [Folder | Modified Date = 5/26/2007 2:07:16 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/29/2007 12:16:06 AM | Attr = R ]
Ramana -> %SystemDrive%\Ramana -> [Folder | Modified Date = 5/29/2007 1:38:12 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/30/2007 3:16:58 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/31/2007 8:57:34 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/30/2007 8:56:26 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:12:10 PM | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 5/20/2007 11:00:38 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 5/20/2007 11:03:26 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 5/20/2007 11:03:16 PM | Attr = H ]
$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 5/20/2007 10:52:58 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 5/20/2007 10:56:38 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 5/20/2007 10:56:56 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 5/20/2007 11:01:08 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 5/20/2007 10:59:52 PM | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 5/20/2007 10:51:36 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 5/20/2007 10:46:28 PM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 5/20/2007 10:56:28 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 5/20/2007 10:58:56 PM | Attr = H ]
$NtUninstallKB917734_WMP10$ -> %SystemRoot%\$NtUninstallKB917734_WMP10$ -> [Folder | Modified Date = 5/20/2007 11:04:42 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 5/20/2007 10:57:16 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 5/20/2007 10:59:38 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 5/20/2007 11:01:22 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 5/20/2007 10:59:28 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 5/20/2007 10:57:30 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 5/20/2007 11:03:42 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 5/20/2007 10:58:42 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 5/20/2007 11:03:06 PM | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 5/20/2007 10:53:12 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 5/20/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 5/20/2007 11:02:44 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 5/20/2007 10:57:04 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:12:58 PM | Attr = H ]
$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 5/20/2007 11:02:56 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/20/2007 10:56:08 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 5/10/2007 8:44:46 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/20/2007 11:00:14 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/30/2007 8:51:48 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5/30/2007 8:52:04 PM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/20/2007 10:53:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/20/2007 11:04:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2007 6:54:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/31/2007 4:01:30 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/31/2007 9:01:20 PM | Attr = ]
MMKEYBD.INI -> %SystemRoot%\MMKEYBD.INI -> [Ver = | Size = 29 bytes | Modified Date = 5/30/2007 8:25:12 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/20/2007 10:56:48 PM | Attr = ]
MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 30 bytes | Modified Date = 5/30/2007 8:25:12 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 5/27/2007 11:54:28 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 0 bytes | Modified Date = 5/3/2007 6:20:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/30/2007 11:58:38 PM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 5/31/2007 7:27:26 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/19/2007 11:36:22 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/31/2007 8:56:44 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/29/2007 12:38:26 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/31/2007 8:57:02 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/20/2007 10:58:44 PM | Attr = ]
defrag.job -> %SystemRoot%\tasks\defrag.job -> [Ver = | Size = 244 bytes | Modified Date = 5/31/2007 4:04:30 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/30/2007 8:51:48 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/20/2007 10:59:10 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/29/2007 6:44:56 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/27/2007 7:03:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/31/2007 4:01:06 PM | Attr = ]
QuickTime.qtp -> %System32%\QuickTime.qtp -> [Ver = | Size = 50500 bytes | Modified Date = 5/17/2007 9:36:18 AM | Attr = ]
SBO -> %System32%\SBO -> [Folder | Modified Date = 5/19/2007 11:55:20 AM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 48882 bytes | Modified Date = 5/30/2007 8:54:52 PM | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/30/2007 8:56:24 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/13/2007 5:49:30 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 1/26/2006 2:36:02 PM | Attr = ]
PEC2 , -> %System32%\nutcom4.pdb -> [Ver = | Size = 197632 bytes | Modified Date = 1/2/2001 3:20:50 PM | Attr = ]
yourkey , -> %System32%\nutiface4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 184341 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutiface4.pdb -> [Ver = | Size = 656384 bytes | Modified Date = 1/2/2001 3:24:44 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsrv4.pdb -> [Ver = | Size = 1090560 bytes | Modified Date = 1/2/2001 2:55:14 PM | Attr = ]
yourkey , -> %System32%\nutsys4.dll -> DataFocus, Inc. [Ver = 4.50.0100 | Size = 1017467 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
yourkey , -> %System32%\nutsys4.pdb -> [Ver = | Size = 3818496 bytes | Modified Date = 4/19/2001 3:53:32 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.exe -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
UPX! , UPX0 , -> %System32%\Total Merrill Screensaver.scr -> [Ver = | Size = 498176 bytes | Modified Date = 3/25/2003 8:05:50 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#10 OldTimer

Posted 01 June 2007 - 04:08 AM

Hi kv77. Everything looks fine now. Good job! How are things running? Any more issues?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#11 kv77


Posted 02 June 2007 - 10:25 AM

Hi OT,

My PC seems to be back to its original speed and I don't see any more ad popups. Really appreciate your help. You guys are great!!

#12 OldTimer


Posted 02 June 2007 - 11:05 AM

Hi kv77. Glad to hear things are back to normal. There is one last thing that should be done.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

After that you are good to go.

Cheers.

OT