Slow Running Computer With Pop-ups


11 replies to this topic

#1 jeyh87

jeyh87

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Location:Chicago
  • Local time:01:39 PM

Posted 30 May 2007 - 07:51 PM

My computer is running very slowly. Some of my programs, like PaintShop Pro, freeze and shut down, and I can hear my pop-up blocker blocking a lot of pop-ups. My pop-up blocker blocks quite a few, but I can still hear the advertising in the background. Please help ASAP :thumbsup:


Here's my HijackThis log...


Logfile of HijackThis v1.99.1
Scan saved at 7:43:42 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Juell.HOME.000\My Documents\myprograms\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B76EB02-AF64-44C7-B6E6-3EB7D60896C3}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VetMsgNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



#2 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:39 PM

Posted 02 June 2007 - 08:40 PM

Welcome to BC :thumbsup:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
    • In the Drivers Services group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
Microsoft MVP Consumer Security--2007-2010

#3 jeyh87

jeyh87
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Location:Chicago
  • Local time:01:39 PM

Posted 04 June 2007 - 01:42 PM

Thank you sjpritch25 :thumbsup:

Here are the results from the scan...


WinPFind3 logfile created on: 6/4/2007 1:07:30 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Juell.HOME.000\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

246.98 Mb Total Physical Memory | 68.79 Mb Available Physical Memory | 27.85% Memory free
604.38 Mb Paging File | 339.66 Mb Available in Paging File | 56.20% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.81 Gb Total Space | 17.23 Gb Free Space | 32.02% Space Free
Drive D: | 3.45 Gb Total Space | 0.70 Gb Free Space | 20.23% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Juell
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
cavrid.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
cavtray.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 3:51:14 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 3:55:14 PM | Attr = ]
ipclient.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 3:52:24 AM | Attr = ]
ipmon32.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 3:52:26 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 7/6/2001 11:56:56 PM | Attr = ]
kodak software updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> [Ver = | Size = 16423 bytes | Modified Date = 2/13/2004 2:12:08 PM | Attr = ]
kodakccs.exe -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 12:35:52 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:10 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 4:32:56 AM | Attr = ]
lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 4:43:46 AM | Attr = ]
lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 8/19/2003 5:00:40 AM | Attr = ]
mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ]
psiservice.exe -> %System32%\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.16 | Size = 707080 bytes | Modified Date = 3/19/2007 1:11:34 AM | Attr = ]
usbtip.exe -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe -> Pinnacle Systems [Ver = 1, 0, 0, 9 | Size = 192512 bytes | Modified Date = 4/23/2004 11:00:36 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/10/2002 12:50:04 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 12/17/2004 9:00:00 AM | Attr = ]
ybrwicon.exe -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 10/26/2006 9:21:50 PM | Attr = ]
yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 10:43:10 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/9/2005 12:03:34 PM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 79472 bytes | Modified Date = 7/14/2005 9:16:40 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.767.25472.beta | Size = 136952 bytes | Modified Date = 4/6/2007 4:44:34 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | Auto | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 12:35:52 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 4:37:10 AM | Attr = ]
(msCMTSrvc) Content Monitoring Tool [Win32_Own | On_Demand | Stopped] -> %System32%\msCMTSrvc.exe -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 1:39:00 AM | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %System32%\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.16 | Size = 707080 bytes | Modified Date = 3/19/2007 1:11:34 AM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.47 | Size = 1299024 bytes | Modified Date = 3/6/2007 3:57:28 PM | Attr = ]
(VetMsgNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/10/2002 12:50:04 PM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 6:07:38 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/1/2004 10:24:02 AM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(core) core [Kernel | System | Stopped] -> system32\drivers\core.sys -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DCamUSBEMPIA) Dazzle DVC90 Video Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\emDevice.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 100957 bytes | Modified Date = 4/6/2004 2:08:06 PM | Attr = ]
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %System32%\drivers\DcCam.sys -> Eastman Kodak Company [Ver = 1.5.0502.0 | Size = 36918 bytes | Modified Date = 5/20/2004 8:21:10 AM | Attr = ]
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.5.0502.0 | Size = 61564 bytes | Modified Date = 5/20/2004 8:41:54 AM | Attr = ]
(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %System32%\drivers\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.4100.7 | Size = 38705 bytes | Modified Date = 6/2/2004 1:19:00 PM | Attr = ]
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcLps.sys -> Eastman Kodak Company [Ver = 1.5.0502.0 | Size = 8022 bytes | Modified Date = 5/20/2004 8:39:42 AM | Attr = ]
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcPtp.sys -> Eastman Kodak Company [Ver = 1.5.0502.0 | Size = 68950 bytes | Modified Date = 5/20/2004 8:45:20 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:18 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(emAudio) Dazzle DVC90 Audio Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\emAudio.sys -> Pinnacle Systems, Inc. [Ver = 1.1.0505.0 | Size = 19584 bytes | Modified Date = 5/5/2004 1:40:38 PM | Attr = ]
(Exportit) Exportit [Kernel | System | Stopped] -> %System32%\drivers\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.8900.7 | Size = 151985 bytes | Modified Date = 6/2/2004 1:17:56 PM | Attr = ]
(FiltUSBEMPIA) USB Device Lower Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\emFilter.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 5245 bytes | Modified Date = 4/6/2004 2:07:58 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3889 | Size = 737874 bytes | Modified Date = 8/20/2004 4:26:00 PM | Attr = ]
(IKFileFlt) File Filter Driver [File_System | System | Running] -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1015 | Size = 39248 bytes | Modified Date = 2/19/2007 6:13:34 PM | Attr = ]
(IKFileSec) File Security Driver [Kernel | System | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Modified Date = 2/19/2007 6:13:38 PM | Attr = ]
(IkSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 59472 bytes | Modified Date = 2/25/2007 11:45:42 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 2/23/2007 12:09:54 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 625537 bytes | Modified Date = 3/31/2003 2:29:00 PM | Attr = ]
(MarvinBus) Pinnacle Marvin Bus [Kernel | On_Demand | Stopped] -> %System32%\drivers\MarvinBus.sys -> Pinnacle Systems GmbH [Ver = 1.0.2.016 | Size = 90464 bytes | Modified Date = 3/29/2004 4:06:24 AM | Attr = ]
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %System32%\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 9/16/2006 8:24:46 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(mrtRate) mrtRate [Kernel | Auto | Stopped] -> -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:54 PM | Attr = ]
(PCDRDRV) Pcdr Helper Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -> File not found
(PcdrNt) PcdrNt [Kernel | On_Demand | Stopped] -> %System32%\drivers\PcdrNt.sys -> PC-Doctor Inc. [Ver = 4.0.7 | Size = 44192 bytes | Modified Date = 3/23/2000 7:42:24 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCLEPCI) PCLEPCI [Kernel | System | Running] -> %System32%\drivers\Pclepci.sys -> Pinnacle Systems GmbH [Ver = 1.06 | Size = 14165 bytes | Modified Date = 7/16/2004 4:47:14 PM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 11/3/2005 6:12:10 PM | Attr = R ]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %System32%\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 23808 bytes | Modified Date = 7/30/2002 12:43:50 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.62a | Size = 20016 bytes | Modified Date = 5/19/2004 2:33:44 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:32 PM | Attr = ]
(S3Psddr) S3Psddr [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Modified Date = 8/3/2004 11:29:52 PM | Attr = ]
(ScanUSBEMPIA) USB Still Image Capture Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\emScan.sys -> eMPIA Technology, Inc. [Ver = 1.1.0406.0 | Size = 4493 bytes | Modified Date = 4/6/2004 2:07:54 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 6.1.3010.0 built by: WinDDK | Size = 28160 bytes | Modified Date = 7/17/2002 9:25:18 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 4/19/2007 3:13:00 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\Vet-Filt.1 -> [Ver = | Size = 21604 bytes | Modified Date = 10/1/2004 2:43:54 PM | Attr = ]
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\Vet-Rec.1 -> [Ver = | Size = 15667 bytes | Modified Date = 10/1/2004 2:43:52 PM | Attr = ]
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 108656 bytes | Modified Date = 5/2/2007 11:39:32 AM | Attr = ]
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 630464 bytes | Modified Date = 5/2/2007 11:39:32 AM | Attr = ]
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\VetFDDNT.1 -> Computer Associates International, Inc. [Ver = 10.65.0.4 | Size = 108356 bytes | Modified Date = 10/1/2004 2:43:56 PM | Attr = ]
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\VetMonNT.1 -> Computer Associates International, Inc. [Ver = 10.65.0.4 | Size = 540580 bytes | Modified Date = 10/1/2004 2:43:54 PM | Attr = ]
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %System32%\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.00.00.2410 built by: VIA | Size = 27648 bytes | Modified Date = 3/4/2002 1:10:00 PM | Attr = ]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %System32%\vsdatant.sys -> Zone Labs Inc. [Ver = 5.1.039.000 | Size = 271792 bytes | Modified Date = 10/12/2004 8:37:08 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %System32%\drivers\wanatw4.sys -> America Online, Inc. [Ver = 7.9.0.0 | Size = 28396 bytes | Modified Date = 2/5/2002 4:30:42 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 91678 bytes | Modified Date = 9/16/2002 9:05:26 PM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 71514 bytes | Modified Date = 9/16/2002 9:05:36 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BlockTracker -> %SystemDrive%\hp\bin\BlockTracker.exe -> File not found
CaAvTray -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
CAVRID -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 1/22/2007 12:20:12 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 3:51:14 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 3:55:14 PM | Attr = ]
IPInSightLAN 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 3:52:24 AM | Attr = ]
IPInSightMonitor 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 3:52:26 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 7/6/2001 11:56:56 PM | Attr = ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 4:43:46 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 1:39:00 AM | Attr = ]
PCLEPCI -> %ProgramFiles%\Pinnacle\PPE\PPE.exe -> Pinnacle Systems GmbH [Ver = 1.1.33 | Size = 49152 bytes | Modified Date = 2/3/2004 3:13:18 PM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 10:28:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/13/2002 11:42:26 PM | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 10:01:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
USB2Check -> %System32%\PCLECoInst.DLL [RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController] -> Pinnacle Systems [Ver = 1, 1, 1, 6 | Size = 61440 bytes | Modified Date = 4/6/2004 7:05:48 PM | Attr = ]
USBToolTip -> %ProgramFiles%\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe -> Pinnacle Systems [Ver = 1, 0, 0, 9 | Size = 192512 bytes | Modified Date = 4/23/2004 11:00:36 AM | Attr = ]
WCOLOREAL -> %ProgramFiles%\COMPAQ\Coloreal\COLOREAL.EXE -> [Ver = | Size = 143360 bytes | Modified Date = 2/20/2002 9:40:00 PM | Attr = ]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr = ]
YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 10:43:10 AM | Attr = ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
-> -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Desktop Weather 3 -> %SystemDrive%\PROGRA~1\THEWEA~1\THEWEA~1.EXE -> File not found
DWHeartbeatMonitor -> %SystemDrive%\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe -> File not found
NVIEW -> %System32%\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 1:39:00 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 9:21:48 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Free WebSite Tools.lnk -> %ProgramFiles%\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe -> [Ver = | Size = 372224 bytes | Modified Date = 8/7/2003 4:20:10 PM | Attr = ]
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 5, 0, 4, 128 | Size = 757760 bytes | Modified Date = 8/11/2004 2:22:40 AM | Attr = ]
%AllUsersStartup%\Kodak software updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> [Ver = | Size = 16423 bytes | Modified Date = 2/13/2004 2:12:08 PM | Attr = ]
%AllUsersStartup%\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 9:20:02 PM | Attr = ]
%AllUsersStartup%\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 118784 bytes | Modified Date = 12/17/2004 9:00:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Juell.HOME.000\Start Menu\Programs\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 9/18/2003 11:08:22 AM | Attr = ]
%UserStartup%\LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 122880 bytes | Modified Date = 1/26/2007 3:53:16 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> [
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 9:02:04 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:54 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 12:53:18 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: AT&T Yahoo! Services] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 10:56:24 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{5B76EB02-AF64-44C7-B6E6-3EB7D60896C3} -> 151.164.1.8,206.13.28.12 (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{5EE09237-D958-4347-AC84-D19E0B58D98C} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 1/22/2007 12:20:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 1/22/2007 12:20:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 1/22/2007 12:20:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 1/22/2007 12:20:14 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
bt2 -> %SystemDrive%\PROGRA~1\BT2Net\BT2PLU~1.DLL -> File not found
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/x-bt2 -> %SystemDrive%\PROGRA~1\BT2Net\BT2PLU~1.DLL -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -> - CodeBase = ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 3072 bytes | Created Date = 5/23/2007 10:43:23 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 5/8/2007 9:13:58 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 5/8/2007 10:24:03 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 4:14:58 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 5/9/2007 5:06:50 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/8/2007 8:40:31 PM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/8/2007 8:41:35 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 5/8/2007 10:22:34 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 5/8/2007 10:16:28 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 5/8/2007 10:20:28 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 5/8/2007 10:12:37 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 5/17/2007 10:59:38 AM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 5/8/2007 9:16:04 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 5/8/2007 9:48:30 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/29/2007 1:53:16 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/29/2007 1:53:16 PM | Attr = H ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Created Date = 5/23/2007 10:43:37 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 5/8/2007 9:19:45 PM | Attr = ]
75EDBF741F.sys -> %System32%\75EDBF741F.sys -> [Ver = | Size = 88 bytes | Created Date = 5/29/2007 1:05:24 PM | Attr = RHS]
en-US -> %System32%\en-US -> [Folder | Created Date = 5/8/2007 9:19:40 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 3350 bytes | Created Date = 5/29/2007 1:05:23 PM | Attr = HS]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 5/8/2007 10:13:31 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 5/8/2007 10:23:04 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 5/8/2007 10:13:31 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 5/8/2007 10:13:46 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 199 bytes | Modified Date = 5/16/2007 1:37:14 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/31/2007 9:43:40 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259047424 bytes | Modified Date = 6/4/2007 12:56:34 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/30/2007 6:09:00 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/29/2007 7:53:44 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/30/2007 2:49:52 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/31/2007 10:21:24 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/1/2007 2:08:38 AM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/1/2007 4:36:38 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/1/2007 5:36:50 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 6/1/2007 5:36:50 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/4/2007 1:42:52 AM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/4/2007 5:50:18 AM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 6/4/2007 5:50:18 AM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/4/2007 12:54:36 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/21/2007 4:36:02 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/21/2007 9:02:50 PM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/22/2007 3:16:16 AM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/22/2007 5:02:04 PM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/23/2007 6:24:04 AM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/24/2007 9:04:46 AM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/27/2007 8:30:24 PM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/28/2007 6:22:38 AM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/29/2007 9:07:08 AM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/24/2007 9:04:44 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/27/2007 8:30:24 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/28/2007 6:22:38 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/29/2007 9:07:08 AM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/29/2007 7:53:44 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/30/2007 2:49:52 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/31/2007 10:21:24 AM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/1/2007 2:08:38 AM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/1/2007 4:36:38 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/1/2007 5:36:50 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/1/2007 5:36:50 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/4/2007 1:42:52 AM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/4/2007 5:50:18 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/4/2007 5:50:18 AM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/4/2007 12:54:36 PM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/21/2007 4:36:02 PM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/21/2007 9:02:50 PM | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/22/2007 3:16:16 AM | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/22/2007 5:02:04 PM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/23/2007 6:24:02 AM | Attr = H ]
Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 3072 bytes | Modified Date = 5/23/2007 10:43:26 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/29/2007 1:53:18 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/22/2007 4:13:28 PM | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 5/8/2007 9:14:00 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 5/8/2007 10:24:06 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 4:15:02 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 5/9/2007 5:07:06 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/8/2007 8:40:34 PM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/8/2007 8:41:42 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 5/8/2007 10:22:36 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 5/8/2007 10:16:34 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 5/8/2007 10:20:36 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 5/8/2007 10:12:38 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 5/9/2007 9:42:34 AM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 5/17/2007 3:32:12 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/4/2007 12:56:40 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 5/29/2007 12:14:18 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/8/2007 8:35:04 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/17/2007 10:59:50 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/7/2007 9:49:56 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/22/2007 4:01:52 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 5/8/2007 9:18:10 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 5/8/2007 9:48:32 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 5/9/2007 5:10:44 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/23/2007 12:51:52 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/31/2007 9:43:42 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 6/4/2007 12:04:24 AM | Attr = ]
LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 1201 bytes | Modified Date = 5/22/2007 11:33:30 AM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 5/8/2007 9:19:18 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/13/2007 2:06:40 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/4/2007 11:33:28 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 5/16/2007 1:36:46 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/29/2007 1:53:18 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/31/2007 9:22:02 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/16/2007 1:37:14 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/29/2007 1:43:44 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/23/2007 12:52:02 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 5/23/2007 10:43:38 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 5/8/2007 9:19:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1326 bytes | Modified Date = 5/16/2007 1:37:14 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/29/2007 2:07:12 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/28/2007 8:20:06 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/4/2007 12:56:56 PM | Attr = H ]
75EDBF741F.sys -> %System32%\75EDBF741F.sys -> [Ver = | Size = 88 bytes | Modified Date = 5/29/2007 1:50:58 PM | Attr = RHS]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 5/8/2007 10:22:12 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/8/2007 9:46:24 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/4/2007 1:07:38 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 5/8/2007 9:20:08 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/22/2007 5:06:16 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/8/2007 10:16:54 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 5/8/2007 9:49:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 284520 bytes | Modified Date = 5/8/2007 9:10:36 AM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 5/31/2007 9:19:18 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 3350 bytes | Modified Date = 5/29/2007 1:55:42 PM | Attr = HS]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 5/8/2007 10:13:32 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 5/24/2007 1:58:20 AM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 5/8/2007 10:22:12 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 890 bytes | Modified Date = 6/4/2007 11:35:44 AM | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/4/2007 12:57:56 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 5/8/2007 10:16:54 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 5/8/2007 10:13:48 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 10/2/2006 1:04:40 PM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\lame_enc.dll -> [Ver = | Size = 85504 bytes | Modified Date = 4/11/2000 8:44:56 PM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]

< End of report >

Edited by jeyh87, 04 June 2007 - 09:41 PM.


#4 jeyh87


Posted 04 June 2007 - 09:44 PM

It's becoming impossible to do anything on my computer. I need help :thumbsup:

#5 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:39 PM

Posted 04 June 2007 - 10:14 PM

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe


Note: It is important that it is saved directly to your desktop.

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Microsoft MVP Consumer Security--2007-2010

#6 jeyh87


Posted 04 June 2007 - 11:38 PM

Ok.. here is the ComboFix Log...

"Juell" - 2007-06-04 23:03:39 Service Pack 2 NTFS
ComboFix 07-06-05 - Running from: ""


((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


2007-05-29 13:50 <DIR> d-------- C:\DOCUME~1\JUELLH~1.000\APPLIC~1\Corel
2007-05-29 13:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-05-29 13:40 476,752 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\pswi_preloaded.exe
2007-05-29 13:05 88 -r-hs---- C:\WINDOWS\system32\75EDBF741F.sys
2007-05-29 13:05 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-28 15:15 <DIR> d-------- C:\DOCUME~1\JUELLH~1.000\APPLIC~1\WinRAR
2007-05-17 10:59 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-08 22:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-08 22:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-08 22:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-08 20:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-23 05:04:02 -------- d-----w C:\Program Files\Audacity
2007-05-02 17:39:30 630,464 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-05-02 17:39:30 108,656 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-24 04:48:51 -------- d-----w C:\DOCUME~1\JUELLH~1.000\APPLIC~1\CoffeeCup Software
2007-04-23 19:44:21 3,346 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-23 05:50:48 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-04-23 05:50:48 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-04-23 05:17:36 -------- d-----w C:\Program Files\Sunbelt Software
2007-04-21 17:39:57 -------- d-----w C:\Program Files\iTunes
2007-04-21 17:39:42 -------- d-----w C:\Program Files\iPod
2007-04-21 17:38:21 -------- d-----w C:\Program Files\QuickTime
2007-04-21 17:36:00 -------- d-----w C:\Program Files\Apple Software Update
2007-04-21 17:03:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-21 06:05:26 -------- d-----w C:\DOCUME~1\JUELLH~1.000\APPLIC~1\Apple Computer
2007-04-20 09:06:49 -------- d-----w C:\Program Files\Spyware Doctor
2007-04-20 07:54:02 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-04-19 21:12:59 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-18 20:17:23 -------- d-----w C:\Program Files\Google
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-12 04:24:59 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-10 12:08:33 36 ----a-w C:\WINDOWS\system32\sfc.dat
2007-04-09 18:54:04 -------- d-----w C:\DOCUME~1\JUELLH~1.000\APPLIC~1\Google
2007-04-06 19:27:01 139,264 ----a-w C:\TTC.dll
2007-04-02 19:41:18 167 ----a-w C:\WINDOWS\system32\5580.bat
2007-04-02 19:40:57 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-04-02 19:40:18 0 ----a-w C:\WINDOWS\system32\taskkill.exe
2007-04-02 19:39:43 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 12:53]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 21:02]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-01-22 12:20]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-01-22 12:20]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 04:43]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 15:13]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 11:00]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 03:52]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 03:52]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"nwiz"="nwiz.exe" [2002-10-01 01:39 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 21:40]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 10:01]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 23:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2006-06-06 12:38]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-26 21:21]
"NVIEW"="nview.dll,nViewLoadHook" []
"DWHeartbeatMonitor"="C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe" []
"Desktop Weather 3"="C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Common Files\proprypr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-05-28 14:20:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-04 23:18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-04 23:24:17
C:\ComboFix-quarantined-files.txt ... 2007-06-04 23:24

--- E O F ---

Edited by jeyh87, 04 June 2007 - 11:40 PM.


#7 jeyh87


Posted 04 June 2007 - 11:41 PM

And here is my new HijackThis Log...


Logfile of HijackThis v1.99.1
Scan saved at 11:32:03 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\ComboFix\14169.cfexe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Juell.HOME.000\My Documents\myprograms\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B76EB02-AF64-44C7-B6E6-3EB7D60896C3}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VetMsgNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#8 sjpritch25


Posted 05 June 2007 - 07:38 PM

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Microsoft MVP Consumer Security--2007-2010

#9 jeyh87


Posted 06 June 2007 - 11:56 PM

Ok, here is the SUPERAntiSpyware Log...

--------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/06/2007 at 11:33 PM

Application Version : 3.8.1002

Core Rules Database Version : 3249
Trace Rules Database Version: 1260

Scan type : Complete Scan
Total Scan Time : 04:50:15

Memory items scanned : 363
Memory threats detected : 0
Registry items scanned : 5311
Registry threats detected : 3
File items scanned : 371581
File threats detected : 262

Browser Hijacker.Apropos Media/PeopleOnPage
HKLM\Software\Classes\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
C:\PROGRAM FILES\COMMON FILES\CSSHARE\PLUGINS\NPCLNTAX.DLL

Adware.k8l
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\PROPRYPR.HTML.VIR

Unclassified.MSW
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP12\A0000785.EXE

Trojan.ZQuest
C:\TTC.DLL

#10 sjpritch25

Posted 07 June 2007 - 08:28 PM

How is everything running???

#11 jeyh87

Posted 08 June 2007 - 10:26 AM

Everything is running a little bit smoother... only time will tell if I get any more "invisible pop-ups".

Thank you so, so much for all of your time and help. It was very appreciated! :thumbsup:

#12 sjpritch25

Posted 08 June 2007 - 11:00 AM

You're Welcome!!!! :thumbsup:

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  • Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  • If you don't have a Firewall installed, please choose from the following:
  • If you don't have an Anti-Virus installed, please download the following free program:
  • Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  • Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown
    Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
