Help Please


34 replies to this topic

#1 sbrntx

sbrntx

  • Members
  • 22 posts

Posted 06 June 2007 - 09:03 AM

I am by all accounts...computer stupid... but after several attempts I managed to do a HijackThis log. Could someone please look at it and tell me what I need to do to get my computer to stop messing up? It's very slow connecting to the internet and I can't watch videos. I think something's in here that shouldn't be. Thanks in advance, Sherry



Logfile of HijackThis v1.99.1
Scan saved at 8:22:21 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\DOCUME~1\Riley\LOCALS~1\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 11 June 2007 - 07:15 PM

Hello sbrntx and welcome to the BC HijackThis forum. It looks like there is something called a zlob infection. Let's see if we can remove it. Please print these directions and then proceed with the following steps in order.

Step #1

Download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Step #2

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Step #3

Post the following back here:
  • the C:\rapport.txt file from the smitfraudfix scan
  • the WinPFind3u log file
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 sbrntx


Posted 24 June 2007 - 10:46 PM

OT...I had no idea that you had responded to my post...things have gone from bad to worse. I have run my defender pro anti virus and it has detected a trojan and it's unable to disinfect it! This is some of what the report from DP says:



C:\Documents and settings\Riley\local settings\temp\wr-1-200021...is a trojan
C:\Documents and settings\Riley\local settings\temp\wr-1-200021...object could not be disinfected
C:\WINDOWS\onckunaA.exe is a trojan downloader
C:\WINDOWS\onckunaA.exe object could not be disinfected
C:\WINDOWS\system32\G3\wr620.exe is a trojan dropp...
C:\WINDOWS\system32\G3\wr620.exe object could not be disinfected
C:\WINDOWS\system32\G5\bk53.exe is a trojan dropp...
C:\WINDOWS\system32\G5\bk53.exe object could not be disinfected
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe is a trojan downloader
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe object could not be disinfected
C:\Documents and settings\Riley\Local Settings\Temp\wr-1-200021 is a trojan downloader
C:\Documents and settings\Riley\Local Settings\Temp\wr-1-200021 moved to the backup sto...
C:\Documents and settings\Riley\Local Settings\Temp\wr-1-200021 deleted
C:\WINDOWS\onckunaA.exe is a trojan downloader
C:\WINDOWS\onckunaA.exe moved to the backup sto...
C:\WINDOWS\onckunaA.exe deleted
C:\WINDOWS\system32\G3\wr620.exe is a trojan downloader
C:\WINDOWS\system32\G3\wr620.exe moved to the backup sto...
C:\WINDOWS\system32\G3\wr620.exe deleted
C:\WINDOWS\system32\G5\bk53.exe is a trojan dropp...
C:\WINDOWS\system32\G5\bk53.exe moved to the backup sto...
C:\WINDOWS\system32\G5\bk53.exe deleted
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe is a trojan downloader
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe moved to the backup sto...
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe deleted

I'm not sure what has been deleted and what hasn't. What should I do now?
Thanks,
Sherry
C:\WINDOWS\system32\
C:\WINDOWS\system32\

#4 OldTimer


Posted 25 June 2007 - 03:52 AM

Hi sbrntx. Follow the directions in my post above.

Cheers.

OT

#5 sbrntx


Posted 25 June 2007 - 08:34 AM

Hi OT,
I downloaded SmitfraudFix.exe and followed your instructions. But when I go into safe mode and into my regular account all I have is a black screen, safe mode in every corner, and a white arrow...nothing else comes up.

#6 OldTimer


Posted 25 June 2007 - 03:05 PM

Hi sbrntx. Skip that step and do the rest then.

Cheers.

OT

#7 sbrntx


Posted 25 June 2007 - 05:56 PM

Finally!!!!!!!! I got it to work...just had to be quicker than the flash.
So here it is doll...and thanks so much

SmitFraudFix v2.195

Scan done at 17:29:21.98, Mon 06/25/2007
Run from C:\Documents and Settings\Riley\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\DOCUME~1\Riley\FAVORI~1\Online Security Test.url Deleted

DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 66.82.4.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F7838824-CFE0-4E36-AD79-D5818E4C6DED}: DhcpNameServer=192.168.2.1 66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F7838824-CFE0-4E36-AD79-D5818E4C6DED}: DhcpNameServer=192.168.2.1 66.82.4.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F7838824-CFE0-4E36-AD79-D5818E4C6DED}: DhcpNameServer=192.168.2.1 66.82.4.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 66.82.4.8
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 66.82.4.8


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End







WinPFind3 logfile created on: 6/25/2007 5:41:21 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Riley\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247.48 Mb Total Physical Memory | 109.52 Mb Available Physical Memory | 44.25% Memory free
606.36 Mb Paging File | 528.15 Mb Available in Paging File | 87.10% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 85.90 Gb Free Space | 76.84% Space Free
Drive D: | 35.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-ZR0DB6N7RW
Current User Name: Riley
Logged in as Administrator.
Cannot determine boot mode.


[Processes - Non-Microsoft Only]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(kavsvc) kavsvc [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 9:48:24 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Stopped] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
(lxct_device) lxct_device [Win32_Own | Auto | Stopped] -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 12/13/2006 10:17:26 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.94 | Size = 294912 bytes | Modified Date = 12/13/2006 10:17:02 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.89 | Size = 880640 bytes | Modified Date = 1/16/2007 12:44:48 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.455 | Size = 73728 bytes | Modified Date = 1/15/2007 8:05:30 AM | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
103 -> -> File not found
DPAS -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
DPASUpdate -> %ProgramFiles%\DefenderPro AntiSpy\DPASAutoUpdate.exe -> File not found
EzPrint -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 11:59:10 AM | Attr = ]
KAVPersonal50 -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 4:21:14 AM | Attr = ]
Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
Lexmark 5400 Series Fax Server -> %ProgramFiles%\Lexmark 5400 Series\fm3032.exe -> [Ver = 0.1.4.1 | Size = 304048 bytes | Modified Date = 11/22/2006 4:12:08 AM | Attr = ]
LXCTCATS -> %System32%\spool\drivers\w32x86\3\lxcttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 7:27:06 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
RecoverFromReboot -> %SystemRoot%\Temp\RecoverFromReboot.exe -> Motive Communications, Inc. [Ver = 1,0,1,5 | Size = 151552 bytes | Modified Date = 7/8/2003 6:41:48 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
%AllUsersStartup%\Defender Pro Firewall.lnk -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
gebyv -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ]
jkkhebb -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{0A1674EF-D01F-4432-A613-1AF593CA5827} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist] -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{54622BD0-DB10-4CB3-8977-C34077CBB411} [HKLM] -> %ProgramFiles%\MSN Gaming Zone\qurozub83122.dll [] -> [Ver = | Size = 163840 bytes | Modified Date = 6/18/2007 1:59:56 PM | Attr = ]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [CPub Object] -> Osborn Technologies, Inc. [Ver = 3.0 | Size = 262144 bytes | Modified Date = 11/22/2004 5:31:52 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [MenuText: Sun Java Console] -> JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 1/1/2004 7:34:00 AM | Attr = ]
{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 8/21/2006 3:22:00 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5C864DA1-AEBA-43DE-AC7A-30390B4800D5} -> () ->
{F7838824-CFE0-4E36-AD79-D5818E4C6DED} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/9/b...heckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1182717650421 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://download.yahoo.com/dl/installs/yab_af.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 30 days]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 6/24/2007 6:48:05 PM | Attr = ]
cs_cache.ini -> %SystemRoot%\cs_cache.ini -> [Ver = | Size = 16544 bytes | Created Date = 6/23/2007 7:56:03 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\cs_cache.ini:KAVICHS ->
DLA.EXE -> %SystemRoot%\DLA.EXE -> Roxio [Ver = 9.05.10a | Size = 92920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\DLA.EXE:KAVICHS ->
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 6/24/2007 3:21:05 PM | Attr = S]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 6/24/2007 3:51:11 PM | Attr = H ]
rau001978.exe -> %SystemRoot%\rau001978.exe -> [Ver = | Size = 34816 bytes | Created Date = 6/23/2007 7:55:18 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\rau001978.exe:KAVICHS ->
tcb.pmw -> %SystemRoot%\tcb.pmw -> [Ver = | Size = 45 bytes | Created Date = 6/23/2007 7:55:12 AM | Attr = ]
@Alternate Data Stream - 68 bytes -> %SystemRoot%\tcb.pmw:KAVICHS ->
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 6/20/2007 3:57:06 PM | Attr = ]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\tasks\AppleSoftwareUpdate.job:KAVICHS ->
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 6/23/2007 8:02:19 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\ClickToFindandFixErrors_US.ico:KAVICHS ->
DLA -> %System32%\DLA -> [Folder | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> [Ver = | Size = 56056 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\DLAAPI_W.DLL:KAVICHS ->
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
G1 -> %System32%\G1 -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
G2 -> %System32%\G2 -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
G3 -> %System32%\G3 -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
G4 -> %System32%\G4 -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
G5 -> %System32%\G5 -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
gebyv.dll -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Created Date = 6/23/2007 7:59:56 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\gebyv.dll:KAVICHS ->
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Created Date = 6/23/2007 7:54:40 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\jkkhebb.dll:KAVICHS ->
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Created Date = 6/21/2007 1:10:34 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\LexFiles.ulf:KAVICHS ->
lxct.loc -> %System32%\lxct.loc -> [Ver = | Size = 1811 bytes | Created Date = 6/21/2007 1:10:06 PM | Attr = R ]
lxctcoin.dll -> %System32%\lxctcoin.dll -> [Ver = | Size = 344064 bytes | Created Date = 6/21/2007 1:10:07 PM | Attr = R ]
LXCTFXPU.DLL -> %System32%\LXCTFXPU.DLL -> [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\LXCTFXPU.DLL:KAVICHS ->
LXCThcp.dll -> %System32%\LXCThcp.dll -> [Ver = 99.99.99.99 | Size = 323584 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
@Alternate Data Stream - 100 bytes -> %System32%\LXCThcp.dll:KAVICHS ->
LXCTinst.dll -> %System32%\LXCTinst.dll -> [Ver = | Size = 274432 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\LXCTinst.dll:KAVICHS ->
lxctpmon.dll -> %System32%\lxctpmon.dll -> [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\lxctpmon.dll:KAVICHS ->
lxctpmrc.dll -> %System32%\lxctpmrc.dll -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 6/21/2007 1:14:04 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\lxctpmrc.dll:KAVICHS ->
o02PrEz -> %System32%\o02PrEz -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\SONYHCY.DLL:KAVICHS ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
vybeg.bak1 -> %System32%\vybeg.bak1 -> [Ver = | Size = 6369 bytes | Created Date = 6/23/2007 8:00:15 AM | Attr = HS]
@Alternate Data Stream - 36 bytes -> %System32%\vybeg.bak1:KAVICHS ->
vybeg.ini -> %System32%\vybeg.ini -> [Ver = | Size = 20420 bytes | Created Date = 6/23/2007 8:00:01 AM | Attr = HS]
@Alternate Data Stream - 228 bytes -> %System32%\vybeg.ini:KAVICHS ->
vybeg.ini2 -> %System32%\vybeg.ini2 -> [Ver = | Size = 20582 bytes | Created Date = 6/24/2007 7:14:29 PM | Attr = HS]
vybeg.tmp -> %System32%\vybeg.tmp -> [Ver = | Size = 20480 bytes | Created Date = 6/24/2007 7:14:14 PM | Attr = HS]
@Alternate Data Stream - 68 bytes -> %System32%\vybeg.tmp:KAVICHS ->
win -> %System32%\win -> [Folder | Created Date = 6/23/2007 5:15:57 PM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Created Date = 6/23/2007 7:55:10 AM | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72832 bytes | Created Date = 6/23/2007 7:55:08 AM | Attr = ]
DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = local_build | Size = 12920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DLACDBHM.SYS:KAVICHS ->
DLARTL_M.SYS -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = local_build | Size = 28184 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DLARTL_M.SYS:KAVICHS ->
DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 9.10.06a | Size = 99816 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DRVMCDB.SYS:KAVICHS ->
DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.01a | Size = 51768 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DRVNDDM.SYS:KAVICHS ->
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Created Date = 6/23/2007 10:51:41 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\FOPN.sys:KAVICHS ->
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:07 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klick.sys:KAVICHS ->
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:08 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klin.sys:KAVICHS ->
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcb.sys:KAVICHS ->
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcc.sys:KAVICHS ->
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\Sonyhcp.dll:KAVICHS ->
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcs.sys:KAVICHS ->
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonypvs1.sys:KAVICHS ->

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = RHS]
@Alternate Data Stream - 228 bytes -> %SystemDrive%\boot.ini:KAVICHS ->
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/25/2007 4:43:56 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/25/2007 8:37:22 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/25/2007 5:01:06 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/24/2007 11:54:48 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/23/2007 8:55:22 AM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/25/2007 5:01:04 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 6/24/2007 7:56:36 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/25/2007 5:26:32 PM | Attr = S]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\bootstat.dat:KAVICHS ->
cs_cache.ini -> %SystemRoot%\cs_cache.ini -> [Ver = | Size = 16544 bytes | Modified Date = 6/23/2007 9:09:24 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\cs_cache.ini:KAVICHS ->
D9H7ADHB.ocx -> %SystemRoot%\D9H7ADHB.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/25/2007 4:47:36 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %SystemRoot%\D9H7ADHB.ocx:KAVICHS ->
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/24/2007 7:48:14 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/21/2007 10:42:52 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/24/2007 4:52:16 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/24/2007 4:34:18 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1891 bytes | Modified Date = 6/7/2007 5:52:10 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\imsins.BAK:KAVICHS ->
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/24/2007 7:48:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/25/2007 4:44:14 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 6/23/2007 6:46:16 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %SystemRoot%\iun6002.exe:KAVICHS ->
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 483 bytes | Modified Date = 6/21/2007 1:08:20 PM | Attr = ]
@Alternate Data Stream - 132 bytes -> %SystemRoot%\lexstat.ini:KAVICHS ->
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/24/2007 4:52:32 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/23/2007 1:26:00 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\NeroDigital.ini:KAVICHS ->
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/16/2007 12:20:26 PM | Attr = ]
occache -> %SystemRoot%\occache -> [Folder | Modified Date = 6/24/2007 4:21:08 PM | Attr = S]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/25/2007 4:28:20 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/7/2007 11:59:46 PM | Attr = ]
rau001978.exe -> %SystemRoot%\rau001978.exe -> [Ver = | Size = 34816 bytes | Modified Date = 6/23/2007 8:55:20 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\rau001978.exe:KAVICHS ->
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 6/21/2007 10:38:46 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/21/2007 11:56:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/23/2007 10:21:18 AM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1035139 bytes | Modified Date = 6/24/2007 5:40:08 PM | Attr = ]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\setupapi.log.0.old:KAVICHS ->
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 3:05:10 PM | Attr = ]
SoftwareDistribution to Sdold -> %SystemRoot%\SoftwareDistribution to Sdold -> [Folder | Modified Date = 6/24/2007 3:41:10 PM | Attr = S]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %SystemRoot%\system.ini:KAVICHS ->
system32 -> %System32% -> [Folder | Modified Date = 6/25/2007 5:31:12 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/20/2007 4:57:08 PM | Attr = S]
tcb.pmw -> %SystemRoot%\tcb.pmw -> [Ver = | Size = 45 bytes | Modified Date = 6/23/2007 8:55:42 AM | Attr = ]
@Alternate Data Stream - 68 bytes -> %SystemRoot%\tcb.pmw:KAVICHS ->
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/25/2007 5:32:20 PM | Attr = ]
tsiwinfile.dat -> %SystemRoot%\tsiwinfile.dat -> [Ver = | Size = 64 bytes | Modified Date = 6/23/2007 6:46:58 PM | Attr = ]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\tsiwinfile.dat:KAVICHS ->
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 629 bytes | Modified Date = 6/25/2007 4:47:38 PM | Attr = ]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\win.ini:KAVICHS ->
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 312 bytes | Modified Date = 6/21/2007 10:48:40 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\wininit.ini:KAVICHS ->
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/21/2007 10:45:40 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/21/2007 10:38:18 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\WMSysPr9.prx:KAVICHS ->
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/24/2007 11:20:06 AM | Attr = ]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\tasks\AppleSoftwareUpdate.job:KAVICHS ->
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/25/2007 4:47:10 PM | Attr = H ]
@Alternate Data Stream - 36 bytes -> %SystemRoot%\tasks\SA.DAT:KAVICHS ->
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/24/2007 5:41:40 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/24/2007 7:48:04 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 6/23/2007 9:02:20 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\ClickToFindandFixErrors_US.ico:KAVICHS ->
config -> %System32%\config -> [Folder | Modified Date = 6/6/2007 5:13:04 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Modified Date = 6/21/2007 10:50:30 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/25/2007 4:29:56 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 363320 bytes | Modified Date = 6/21/2007 10:50:26 PM | Attr = ]
@Alternate Data Stream - 132 bytes -> %System32%\FNTCACHE.DAT:KAVICHS ->
G1 -> %System32%\G1 -> [Folder | Modified Date = 6/23/2007 6:15:58 PM | Attr = ]
G2 -> %System32%\G2 -> [Folder | Modified Date = 6/23/2007 6:15:58 PM | Attr = ]
G3 -> %System32%\G3 -> [Folder | Modified Date = 6/24/2007 10:01:34 PM | Attr = ]
G4 -> %System32%\G4 -> [Folder | Modified Date = 6/23/2007 6:15:58 PM | Attr = ]
G5 -> %System32%\G5 -> [Folder | Modified Date = 6/24/2007 10:01:34 PM | Attr = ]
gebyv.dll -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\gebyv.dll:KAVICHS ->
HAF9SE8J.ocx -> %System32%\HAF9SE8J.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/25/2007 4:47:36 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\HAF9SE8J.ocx:KAVICHS ->
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\jkkhebb.dll:KAVICHS ->
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Modified Date = 6/21/2007 2:14:44 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\LexFiles.ulf:KAVICHS ->
o02PrEz -> %System32%\o02PrEz -> [Folder | Modified Date = 6/24/2007 10:01:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61258 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\perfc009.dat:KAVICHS ->
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401084 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\perfh009.dat:KAVICHS ->
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 457628 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\PerfStringBackup.INI:KAVICHS ->
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/24/2007 11:54:50 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3644 bytes | Modified Date = 6/25/2007 5:29:38 PM | Attr = ]
vybeg.bak1 -> %System32%\vybeg.bak1 -> [Ver = | Size = 6369 bytes | Modified Date = 6/23/2007 9:00:16 AM | Attr = HS]
@Alternate Data Stream - 36 bytes -> %System32%\vybeg.bak1:KAVICHS ->
vybeg.ini -> %System32%\vybeg.ini -> [Ver = | Size = 20420 bytes | Modified Date = 6/24/2007 8:13:44 PM | Attr = HS]
@Alternate Data Stream - 228 bytes -> %System32%\vybeg.ini:KAVICHS ->
vybeg.ini2 -> %System32%\vybeg.ini2 -> [Ver = | Size = 20582 bytes | Modified Date = 6/25/2007 5:31:12 PM | Attr = HS]
vybeg.tmp -> %System32%\vybeg.tmp -> [Ver = | Size = 20480 bytes | Modified Date = 6/24/2007 8:14:16 PM | Attr = HS]
@Alternate Data Stream - 68 bytes -> %System32%\vybeg.tmp:KAVICHS ->
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
win -> %System32%\win -> [Folder | Modified Date = 6/23/2007 6:15:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/25/2007 5:27:08 PM | Attr = ]
@Alternate Data Stream - 228 bytes -> %System32%\wpa.dbl:KAVICHS ->
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Modified Date = 6/23/2007 8:55:12 AM | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72832 bytes | Modified Date = 6/23/2007 8:55:10 AM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Modified Date = 6/23/2007 11:51:42 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\FOPN.sys:KAVICHS ->

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 36 bytes -> %SystemDrive%\00000000.MCQ:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\aolconnfix.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\aolconnfix.txt:KAVICHS ->
@Alternate Data Stream - 228 bytes -> %SystemDrive%\boot.ini:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\dlbt.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\jetscan.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\lxct.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\T4Metrics.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemDrive%\YServer.txt:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\alcrmv.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\alcupd.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\AM_D8.PRF:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\aolback.exe.lnk:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %SystemRoot%\atid.ini:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\avrack.ini:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\bdoscandel.exe:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\bdoscandellang.ini:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %SystemRoot%\BigFixClientOverride.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\Blue Lace 16.bmp:KAVICHS ->
@Alternate Data Stream - 228 bytes -> %SystemRoot%\bootstat.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\chipset.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\clock.avi:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\cmsetacl.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\Coffee Bean.bmp:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %SystemRoot%\COM+.log:KAVICHS ->
@Alternate Data Stream - 132 bytes -> %SystemRoot%\comsetup.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\cs_cache.ini:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\D9H7ADHB.ocx:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\dahotfix.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\dasetup.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\DefenderPro AntiSpy Setup Log.txt:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\dellstat.ini:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\DirectX.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\DLA.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\DtcInstall.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\explorer.scf:KAVICHS ->
@Alternate Data Stream - 164 bytes -> %SystemRoot%\FaxSetup.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\FeatherTexture.bmp:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\Gone Fishing.bmp:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\Greenstone.bmp:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\hpiins02.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\ICONS.vbs:KAVICHS ->
@Alternate Data Stream - 164 bytes -> %SystemRoot%\IDNMitigationAPIs.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\IE4 Error Log.txt:KAVICHS ->
@Alternate Data Stream - 164 bytes -> %SystemRoot%\ie7.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\ie7Uninst.log:KAVICHS ->
@Alternate Data Stream - 196 bytes -> %SystemRoot%\ie7_main.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\iereseticons.log:KAVICHS ->
@Alternate Data Stream - 164 bytes -> %SystemRoot%\iis6.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\imsins.BAK:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\imsins.log:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\intelinet.bmp:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\IsUninst.exe:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\iun6002.exe:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\jautoexp.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB810217.log:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\KB822603.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB823182.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB824105.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB824141.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB825119.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB826939.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB828028.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB828035.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB828741.log:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\KB833407.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB833987.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB835732.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB837001.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB839643-DirectX9.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB839645.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB840315.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB840374.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB840987.log:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %SystemRoot%\KB841356.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB841533.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %SystemRoot%\KB841873.log:KAVICHS ->
UPX! , UPX0 , -> %SystemRoot%\rau001978.exe -> [Ver = | Size = 34816 bytes | Modified Date = 6/23/2007 8:55:20 AM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 8/20/2003 9:37:38 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\ISUSPM.cpl:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\ivfsrc.ax:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\Jasc Paint Shop Photo Album.scr:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\java.exe:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\javasup.vxd:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\javaw.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgaw400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgdw400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgmd400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgpl400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgsd400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jgsh400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jkkhebb.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\jpicpl32.cpl:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\jupdate-1.5.0_06-b05.log:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\kanji_1.uce:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\kanji_2.uce:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\kb16.com:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\key01.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\keyboard.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\korean.uce:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\l3codeca.acm:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\l3codecp.acm:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\l3codecx.ax:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\LCodcCMP.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\ldamfilt.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\ldamfilt39.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\LEX2KUSB.DLL:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\LEXBCE.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LEXBCES.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LexFiles.ulf:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LEXLMPM.DLL:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\LEXP2P32.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LEXPING.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LEXPPS.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\loadfix.com:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\locale.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lusrmgr.msc:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBM.LOC:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMCFG.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxbmcinf.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxbmcoin.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxbmcoin.ini:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxbmcomm.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMCU.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMCUR.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMDRV.CNT:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMDRV.HLP:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMIH.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMJSWR.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMLCNP.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMLCNT.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMLPA.CNT:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMLPA.HLP:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMLSNT.EXE:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMMA.CNT:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBMPMNT.DLL:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\lxbmpwr.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxbmscin.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\LXBMUTIL.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxbmvs.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBRPMON.DLL:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\LXBRPMRC.DLL:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\LXBRPMUI.DLL:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxctcaps.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxctcfg.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\lxctcfg.exe:KAVICHS ->
Thawte Consulting , -> %System32%\lxctcfg.exe -> [Ver = 99.99.99.99 | Size = 381872 bytes | Modified Date = 11/22/2006 4:11:34 AM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\lxctcnv4.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxctcomc.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxctcomm.dll:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\lxctcoms.exe:KAVICHS ->
Thawte Consulting , -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctih.exe -> [Ver = 99.99.99.99 | Size = 385968 bytes | Modified Date = 11/22/2006 4:11:38 AM | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 2:42:54 PM | Attr = ]
@Alternate Data Stream - 68 bytes -> %System32%\oembios.dat:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\oembios.sig:KAVICHS ->
@Alternate Data Stream - 132 bytes -> %System32%\oeminfo.ini:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\OemLink.htm:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\OemLinkIcon.ico:KAVICHS ->
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP: Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 68 bytes -> %System32%\OEMLOGO.BMP:KAVICHS ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\Status.MPF:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\subrange.uce:KAVICHS ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\sysprint.sep:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\sysprtj.sep:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\tcpmon.ini:KAVICHS ->
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XCeedCry.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 2/20/2001 10:47:54 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\XceedFtp.dll:KAVICHS ->
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 11/7/2003 11:25:22 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28595.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28596.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28597.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28598.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28599.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28603.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_28605.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_437.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_500.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_708.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_720.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_737.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_775.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_850.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_852.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_855.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_857.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_860.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_861.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_862.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_863.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_864.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_865.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_866.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_869.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_874.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_875.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_932.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_936.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_949.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\c_950.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\debug.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dfrgfat.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dgnet.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dgrpsetu.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dgsetup.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmconfig.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmdlgs.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmdskmgr.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmdskres.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmintf.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmremote.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmserver.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmutil.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dmview.ocx:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dosx.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\drvmain.sdb:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dvdplay.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\dxmasf.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\edlin.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\encdec.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\eqnclass.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\exe2bin.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\fastopen.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\geo.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\himem.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\hsfbs2s2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\hsfcisp2.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\hsfcxts2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\hsfdpsp2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\htrn_jis.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\isrdbg32.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\jgdw400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\jgpl400.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\key01.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\keyboard.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\locale.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ltts1033.lxa:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\l_intl.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mciqtz32.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mdwmdmsp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mem.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mlang.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mpg2data.ax:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mscdexnt.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\msdvbnp.ax:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\msdxm.ocx:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\msdxmlc.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\msimain.sdb:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mtlmnt5.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mtlstrm.sys:KAVICHS ->
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mtxparhd.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\mtxparhm.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\nikedrv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\nls302en.lex:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\nlsfunc.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntdos.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntdos404.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntdos411.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntdos412.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntdos804.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntio.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntio404.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntio411.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntio412.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntio804.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\ntmtlfax.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\nv4_disp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\nv4_mini.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\odbcconf.rsp:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\oembios.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\oembios.sig:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\paqsp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\proctexe.ocx:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\psisdecd.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\psisrndr.ax:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\pubprn.vbs:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\qcap.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\qdv.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\qedit.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\qedwipes.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\r1033tts.lxa:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\recagent.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\redir.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\regwiz.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\regwizc.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\rio8drv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\riodrv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\rsm.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\s3gnb.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\s3gnbm.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sam.sdf:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sam.spd:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sbe.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\secupd.dat:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\secupd.sig:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\share.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\siint5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sisagp.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slbcsp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slbiop.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slbrccsp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slcoinst.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slextspk.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slgen.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slnt7554.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slntamr.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slnthal.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slrundll.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slserv.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\slwdmsup.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sniffpol.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sortkey.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sorttbls.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\spnike.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sprio600.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sprio800.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\spxcoins.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\srframe.mmf:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sstub.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\sysmain.sdb:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\tourP.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\tsbvcap.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\tsd32.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\tshoot.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\twain.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\twain_32.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\twunk_16.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\twunk_32.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\unicode.nls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrcntra.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrcoina.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrdpa.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrdtea.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrfaxa.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrlbva.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrmlnka.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrprbda.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrrtosa.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrsdpia.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrshuta.exe:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrsvpia.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrv42a.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrv80a.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrvoica.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\usrvpa.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\vchnt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\vdmindvd.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\wadv07nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\wadv08nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\wadv09nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\wadv11nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\watv06nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\watv10nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\wiasf.ax:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\dllcache\win87em.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a302.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a303.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a304.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a305.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a306.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a307.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a308.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a309.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a310.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a311.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a313.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\a314.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv01nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv02nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv05nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv07nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv08nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv09nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\adv11nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ALCXSENS.SYS:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ALCXWDM.SYS:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\amdagp.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\asctrm.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1btxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1mdxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1pdxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1raxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1rvxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1snxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1ttxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1tuxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1xbxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati1xsxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati2mtaa.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ati2mtag.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinbtxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinmdxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinpdxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinraxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinrvxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinsnxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinttxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atintuxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinxbxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atinxsxx.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ativmc20.cod:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atv01nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atv02nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atv04nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atv06nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atv10nt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atwpkt2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\atwpkt264.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\cdr4_xp.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\cdralw2k.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ch7xxnt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\cinemst2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\cpqdap01.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\cxthsfs2.cty:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DLACDBHM.SYS:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DLARTL_M.SYS:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\dmboot.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\dmio.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\dmload.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DRVMCDB.SYS:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\DRVNDDM.SYS:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\FOPN.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\gm.dls:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\gmreadme.txt:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\hsfbs2s2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\hsfcxts2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\hsfdpsp2.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\HSFHWBS2.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\HSFProf.cty:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\HSF_CNXT.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\HSF_DP.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ialmkchw.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ialmnt5.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ialmsbw.sys:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\drivers\ipvnmon.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\kl1.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klick.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klif.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klin.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\klmc.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\Klpf.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\Klpid.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\mdmxsdk.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\mtlmnt5.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\mtlstrm.sys:KAVICHS ->
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 36 bytes -> %System32%\drivers\mtxparhm.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\netwlan5.img:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\nikedrv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\ntmtlfax.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\nv4_mini.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ptilink.sys:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\drivers\pxhelp20.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\recagent.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\rio8drv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\riodrv.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\rtl8139.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\Rtlnic51.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\RxFilter.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\s3gnbm.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\SbcpHid.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\secdrv.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\siint5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sisagp.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\slnt7554.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\slntamr.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\slnthal.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\slwdmsup.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcb.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcc.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\Sonyhcp.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonyhcs.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\sonypvs1.sys:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\drivers\Sunkfilt.sys:KAVICHS ->
@Alternate Data Stream - 100 bytes -> %System32%\drivers\Sunkfilt39.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\tsbvcap.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\ubVeo532.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\vch.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\vchnt5.dll:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\vdmindvd.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wa301a.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wa301b.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wadv07nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wadv08nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wadv09nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\wadv11nt.sys:KAVICHS ->
@Alternate Data Stream - 68 bytes -> %System32%\drivers\wanatw4.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\watv06nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\watv10nt.sys:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\etc\lmhosts.sam:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\etc\networks:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\etc\protocol:KAVICHS ->
@Alternate Data Stream - 36 bytes -> %System32%\drivers\etc\services:KAVICHS ->

< End of report >

#8 OldTimer

Posted 25 June 2007 - 07:40 PM

Hi sbrntx. The system appears to be pretty heavily infected so let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG Anti-Spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ->
YN -> 103 ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> gebyv -> %System32%\gebyv.dll
YY -> jkkhebb -> %System32%\jkkhebb.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0A1674EF-D01F-4432-A613-1AF593CA5827} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist]
YY -> {54622BD0-DB10-4CB3-8977-C34077CBB411} [HKLM] -> %ProgramFiles%\MSN Gaming Zone\qurozub83122.dll []
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker]
YN -> {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Files/Folders - Created Within 30 days]
NY -> cs_cache.ini -> %SystemRoot%\cs_cache.ini
NY -> rau001978.exe -> %SystemRoot%\rau001978.exe
NY -> tcb.pmw -> %SystemRoot%\tcb.pmw
NY -> ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico
NY -> G1 -> %System32%\G1
NY -> G2 -> %System32%\G2
NY -> G3 -> %System32%\G3
NY -> G4 -> %System32%\G4
NY -> G5 -> %System32%\G5
NY -> gebyv.dll -> %System32%\gebyv.dll
NY -> jkkhebb.dll -> %System32%\jkkhebb.dll
NY -> o02PrEz -> %System32%\o02PrEz
NY -> vybeg.bak1 -> %System32%\vybeg.bak1
NY -> vybeg.ini -> %System32%\vybeg.ini
NY -> vybeg.ini2 -> %System32%\vybeg.ini2
NY -> vybeg.tmp -> %System32%\vybeg.tmp
NY -> win -> %System32%\win
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> core.sys -> %System32%\drivers\core.sys
[Files/Folders - Modified Within 30 days]
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> rau001978.exe -> %SystemRoot%\rau001978.exe
NY -> tcb.pmw -> %SystemRoot%\tcb.pmw
NY -> G1 -> %System32%\G1
NY -> G2 -> %System32%\G2
NY -> G3 -> %System32%\G3
NY -> G4 -> %System32%\G4
NY -> G5 -> %System32%\G5
NY -> gebyv.dll -> %System32%\gebyv.dll
NY -> jkkhebb.dll -> %System32%\jkkhebb.dll
NY -> o02PrEz -> %System32%\o02PrEz
NY -> vybeg.bak1 -> %System32%\vybeg.bak1
NY -> vybeg.ini -> %System32%\vybeg.ini
NY -> vybeg.ini2 -> %System32%\vybeg.ini2
NY -> vybeg.tmp -> %System32%\vybeg.tmp
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> core.sys -> %System32%\drivers\core.sys
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You will be asked to reboot when the fix is complete. Choose Yes and reboot into Safe Mode as shown below.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#9 sbrntx

Posted 26 June 2007 - 07:51 AM

Good Morning OT,
Here is the WinPFind3U report and .log file, but at the end of the AVG scan there was no report. I'm now in normal mode and AVG keeps popping up saying the system is infected with Malware...I clicked ignore for now until I hear back from you.
Thanks Again,
Sherry

WinPFind3 logfile created on: 6/26/2007 7:34:01 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Riley\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247.48 Mb Total Physical Memory | 49.98 Mb Available Physical Memory | 20.20% Memory free
606.36 Mb Paging File | 314.78 Mb Available in Paging File | 51.91% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 85.22 Gb Free Space | 76.23% Space Free
Drive D: | 35.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-ZR0DB6N7RW
Current User Name: Riley
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
dpasnt.exe -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
kavpf.exe -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/13/2004 5:55:52 PM | Attr = ]
lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> Lexmark International, Inc. [Ver = 2, 0, 0, 1 | Size = 94208 bytes | Modified Date = 1/16/2004 5:27:30 AM | Attr = ]
lxctcoms.exe -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
tsantispy.exe -> %ProgramFiles%\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 950272 bytes | Modified Date = 5/24/2005 3:48:18 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(kavsvc) kavsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 9:48:24 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
(lxct_device) lxct_device [Win32_Own | Auto | Running] -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 12/13/2006 10:17:26 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.94 | Size = 294912 bytes | Modified Date = 12/13/2006 10:17:02 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.89 | Size = 880640 bytes | Modified Date = 1/16/2007 12:44:48 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.455 | Size = 73728 bytes | Modified Date = 1/15/2007 8:05:30 AM | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
DPAS -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
DPASUpdate -> %ProgramFiles%\DefenderPro AntiSpy\DPASAutoUpdate.exe -> File not found
EzPrint -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 11:59:10 AM | Attr = ]
KAVPersonal50 -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 4:21:14 AM | Attr = ]
Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
Lexmark 5400 Series Fax Server -> %ProgramFiles%\Lexmark 5400 Series\fm3032.exe -> [Ver = 0.1.4.1 | Size = 304048 bytes | Modified Date = 11/22/2006 4:12:08 AM | Attr = ]
LXCTCATS -> %System32%\spool\drivers\w32x86\3\lxcttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 7:27:06 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
RecoverFromReboot -> %SystemRoot%\Temp\RecoverFromReboot.exe -> Motive Communications, Inc. [Ver = 1,0,1,5 | Size = 151552 bytes | Modified Date = 7/8/2003 6:41:48 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
%AllUsersStartup%\Defender Pro Firewall.lnk -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
gebyv -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ]
jkkhebb -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [CPub Object] -> Osborn Technologies, Inc. [Ver = 3.0 | Size = 262144 bytes | Modified Date = 11/22/2004 5:31:52 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
{E6A9E1FD-636B-4A45-B40D-A6E407290B36} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist] -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [MenuText: Sun Java Console] -> JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 1/1/2004 7:34:00 AM | Attr = ]
{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 8/21/2006 3:22:00 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5C864DA1-AEBA-43DE-AC7A-30390B4800D5} -> () ->
{F7838824-CFE0-4E36-AD79-D5818E4C6DED} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/9/b...heckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1182717650421 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://download.yahoo.com/dl/installs/yab_af.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 6/24/2007 6:48:05 PM | Attr = ]
DLA.EXE -> %SystemRoot%\DLA.EXE -> Roxio [Ver = 9.05.10a | Size = 92920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 6/24/2007 3:21:05 PM | Attr = S]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 6/24/2007 3:51:11 PM | Attr = H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 6/20/2007 3:57:06 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> [Ver = | Size = 56056 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
gebyv.dll -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Created Date = 6/23/2007 7:59:56 AM | Attr = ]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Created Date = 6/23/2007 7:54:40 AM | Attr = ]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Created Date = 6/21/2007 1:10:34 PM | Attr = ]
lxct.loc -> %System32%\lxct.loc -> [Ver = | Size = 1811 bytes | Created Date = 6/21/2007 1:10:06 PM | Attr = R ]
lxctcoin.dll -> %System32%\lxctcoin.dll -> [Ver = | Size = 344064 bytes | Created Date = 6/21/2007 1:10:07 PM | Attr = R ]
LXCTFXPU.DLL -> %System32%\LXCTFXPU.DLL -> [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
LXCThcp.dll -> %System32%\LXCThcp.dll -> [Ver = 99.99.99.99 | Size = 323584 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
LXCTinst.dll -> %System32%\LXCTinst.dll -> [Ver = | Size = 274432 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
lxctpmon.dll -> %System32%\lxctpmon.dll -> [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
lxctpmrc.dll -> %System32%\lxctpmrc.dll -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 6/21/2007 1:14:04 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
vybeg.ini -> %System32%\vybeg.ini -> [Ver = | Size = 3565 bytes | Created Date = 6/25/2007 7:26:21 PM | Attr = HS]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/25/2007 7:12:57 PM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Created Date = 6/23/2007 7:55:10 AM | Attr = ]
DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = local_build | Size = 12920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLARTL_M.SYS -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = local_build | Size = 28184 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 9.10.06a | Size = 99816 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.01a | Size = 51768 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Created Date = 6/23/2007 10:51:41 AM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:07 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:08 PM | Attr = ]
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/25/2007 4:43:56 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/25/2007 8:37:22 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Modified Date = 6/26/2007 7:21:42 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/25/2007 8:12:38 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/24/2007 11:54:48 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/23/2007 8:55:22 AM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/25/2007 8:24:04 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 6/24/2007 7:56:36 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/26/2007 7:21:44 AM | Attr = S]
D9H7ADHB.ocx -> %SystemRoot%\D9H7ADHB.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/26/2007 7:22:28 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/24/2007 7:48:14 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/21/2007 10:42:52 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/24/2007 4:52:16 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/24/2007 4:34:18 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/24/2007 7:48:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/25/2007 4:44:14 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 6/23/2007 6:46:16 PM | Attr = ]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 483 bytes | Modified Date = 6/21/2007 1:08:20 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/24/2007 4:52:32 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/23/2007 1:26:00 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/16/2007 12:20:26 PM | Attr = ]
occache -> %SystemRoot%\occache -> [Folder | Modified Date = 6/24/2007 4:21:08 PM | Attr = S]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/26/2007 7:32:44 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/7/2007 11:59:46 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 6/21/2007 10:38:46 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/21/2007 11:56:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/23/2007 10:21:18 AM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1035139 bytes | Modified Date = 6/24/2007 5:40:08 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 3:05:10 PM | Attr = ]
SoftwareDistribution to Sdold -> %SystemRoot%\SoftwareDistribution to Sdold -> [Folder | Modified Date = 6/24/2007 3:41:10 PM | Attr = S]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/26/2007 7:34:10 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/20/2007 4:57:08 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/26/2007 7:30:04 AM | Attr = ]
tsiwinfile.dat -> %SystemRoot%\tsiwinfile.dat -> [Ver = | Size = 64 bytes | Modified Date = 6/23/2007 6:46:58 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 629 bytes | Modified Date = 6/26/2007 7:22:36 AM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 312 bytes | Modified Date = 6/21/2007 10:48:40 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/21/2007 10:45:40 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/21/2007 10:38:18 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/24/2007 11:20:06 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/26/2007 7:21:52 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/24/2007 5:41:40 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/24/2007 7:48:04 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/6/2007 5:13:04 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Modified Date = 6/21/2007 10:50:30 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/25/2007 8:12:58 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 363320 bytes | Modified Date = 6/21/2007 10:50:26 PM | Attr = ]
gebyv.dll -> %System32%\gebyv.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/23/2007 8:59:58 AM | Attr = ]
HAF9SE8J.ocx -> %System32%\HAF9SE8J.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/26/2007 7:22:28 AM | Attr = ]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Modified Date = 6/21/2007 2:14:44 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61258 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401084 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 457628 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/24/2007 11:54:50 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3644 bytes | Modified Date = 6/25/2007 5:29:38 PM | Attr = ]
vybeg.ini -> %System32%\vybeg.ini -> [Ver = | Size = 3565 bytes | Modified Date = 6/26/2007 7:34:20 AM | Attr = HS]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/26/2007 7:27:08 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Modified Date = 6/23/2007 8:55:12 AM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Modified Date = 6/23/2007 11:51:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 8/20/2003 9:37:38 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcfg.exe -> [Ver = 99.99.99.99 | Size = 381872 bytes | Modified Date = 11/22/2006 4:11:34 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctih.exe -> [Ver = 99.99.99.99 | Size = 385968 bytes | Modified Date = 11/22/2006 4:11:38 AM | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 2:42:54 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XCeedCry.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 2/20/2001 10:47:54 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 11/7/2003 11:25:22 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >


.log file from WinPFind3u

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\103 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyv deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhebb deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A1674EF-D01F-4432-A613-1AF593CA5827} not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54622BD0-DB10-4CB3-8977-C34077CBB411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54622BD0-DB10-4CB3-8977-C34077CBB411} deleted successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Gaming Zone\qurozub83122.dll
C:\Program Files\MSN Gaming Zone\qurozub83122.dll NOT unregistered.
C:\Program Files\MSN Gaming Zone\qurozub83122.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\cs_cache.ini moved successfully.
C:\WINDOWS\rau001978.exe moved successfully.
C:\WINDOWS\tcb.pmw moved successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico moved successfully.
C:\WINDOWS\SYSTEM32\G1 moved successfully.
C:\WINDOWS\SYSTEM32\G2 moved successfully.
C:\WINDOWS\SYSTEM32\G3 moved successfully.
C:\WINDOWS\SYSTEM32\G4 moved successfully.
C:\WINDOWS\SYSTEM32\G5 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\o02PrEz moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.ini moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.tmp moved successfully.
C:\WINDOWS\SYSTEM32\win moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.sys scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\rau001978.exe not found!
File C:\WINDOWS\tcb.pmw not found!
File C:\WINDOWS\SYSTEM32\G1 not found!
File C:\WINDOWS\SYSTEM32\G2 not found!
File C:\WINDOWS\SYSTEM32\G3 not found!
File C:\WINDOWS\SYSTEM32\G4 not found!
File C:\WINDOWS\SYSTEM32\G5 not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\o02PrEz not found!
File C:\WINDOWS\SYSTEM32\vybeg.bak1 not found!
File C:\WINDOWS\SYSTEM32\vybeg.ini not found!
File C:\WINDOWS\SYSTEM32\vybeg.ini2 not found!
File C:\WINDOWS\SYSTEM32\vybeg.tmp not found!
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.sys scheduled to be moved on reboot.
[Empty Temp Folders]
C:\DOCUME~1\Riley\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/25/2007 20:24:06

#10 OldTimer


Posted 26 June 2007 - 04:22 PM

Hi sbrntx. Yup, there is still an infection in there. Let's try a specialized tool.

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new WinPFind3 log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

OK. Start WinPFind3u and perform a new scan. Use the Add Reply button to post your new log file back here along with the log file from VundoFix (c:\vundofix.txt) and details of any problems you encountered performing the above steps and I will review the information when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 sbrntx


Posted 26 June 2007 - 09:00 PM

OK - I ran the VundoFix and it showed two things in the window (I failed to copy and paste them, thinking they would pop up in another window). They were both system32, but I can't remember the letters and numbers after that.

Here is the WinPFind3u

WinPFind3 logfile created on: 6/26/2007 8:14:03 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Riley\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247.48 Mb Total Physical Memory | 38.07 Mb Available Physical Memory | 15.38% Memory free
606.36 Mb Paging File | 315.78 Mb Available in Paging File | 52.08% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 83.71 Gb Free Space | 74.88% Space Free
Drive D: | 35.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-ZR0DB6N7RW
Current User Name: Riley
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
dpasnt.exe -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
kavpf.exe -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/13/2004 5:55:52 PM | Attr = ]
lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> Lexmark International, Inc. [Ver = 2, 0, 0, 1 | Size = 94208 bytes | Modified Date = 1/16/2004 5:27:30 AM | Attr = ]
lxctcoms.exe -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
tsantispy.exe -> %ProgramFiles%\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 950272 bytes | Modified Date = 5/24/2005 3:48:18 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(kavsvc) kavsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 9:48:24 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
(lxct_device) lxct_device [Win32_Own | Auto | Running] -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 12/13/2006 10:17:26 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.94 | Size = 294912 bytes | Modified Date = 12/13/2006 10:17:02 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.89 | Size = 880640 bytes | Modified Date = 1/16/2007 12:44:48 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.455 | Size = 73728 bytes | Modified Date = 1/15/2007 8:05:30 AM | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
DPAS -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
DPASUpdate -> %ProgramFiles%\DefenderPro AntiSpy\DPASAutoUpdate.exe -> File not found
EzPrint -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 11:59:10 AM | Attr = ]
KAVPersonal50 -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 4:21:14 AM | Attr = ]
Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
Lexmark 5400 Series Fax Server -> %ProgramFiles%\Lexmark 5400 Series\fm3032.exe -> [Ver = 0.1.4.1 | Size = 304048 bytes | Modified Date = 11/22/2006 4:12:08 AM | Attr = ]
LXCTCATS -> %System32%\spool\drivers\w32x86\3\lxcttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 7:27:06 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
RecoverFromReboot -> %SystemRoot%\Temp\RecoverFromReboot.exe -> Motive Communications, Inc. [Ver = 1,0,1,5 | Size = 151552 bytes | Modified Date = 7/8/2003 6:41:48 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
%AllUsersStartup%\Defender Pro Firewall.lnk -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ]
jkkhebb -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{C63C47F9-4B1A-4137-A290-B4B9DD6F63A8} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist] -> File not found
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [CPub Object] -> Osborn Technologies, Inc. [Ver = 3.0 | Size = 262144 bytes | Modified Date = 11/22/2004 5:31:52 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [MenuText: Sun Java Console] -> JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 1/1/2004 7:34:00 AM | Attr = ]
{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 8/21/2006 3:22:00 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5C864DA1-AEBA-43DE-AC7A-30390B4800D5} -> () ->
{F7838824-CFE0-4E36-AD79-D5818E4C6DED} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/9/b...heckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1182717650421 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://download.yahoo.com/dl/installs/yab_af.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/26/2007 7:02:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 6/24/2007 6:48:05 PM | Attr = ]
DLA.EXE -> %SystemRoot%\DLA.EXE -> Roxio [Ver = 9.05.10a | Size = 92920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 6/24/2007 3:21:05 PM | Attr = S]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 6/24/2007 3:51:11 PM | Attr = H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 6/20/2007 3:57:06 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> [Ver = | Size = 56056 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Created Date = 6/23/2007 7:54:40 AM | Attr = ]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Created Date = 6/21/2007 1:10:34 PM | Attr = ]
lxct.loc -> %System32%\lxct.loc -> [Ver = | Size = 1811 bytes | Created Date = 6/21/2007 1:10:06 PM | Attr = R ]
lxctcoin.dll -> %System32%\lxctcoin.dll -> [Ver = | Size = 344064 bytes | Created Date = 6/21/2007 1:10:07 PM | Attr = R ]
LXCTFXPU.DLL -> %System32%\LXCTFXPU.DLL -> [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
LXCThcp.dll -> %System32%\LXCThcp.dll -> [Ver = 99.99.99.99 | Size = 323584 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
LXCTinst.dll -> %System32%\LXCTinst.dll -> [Ver = | Size = 274432 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
lxctpmon.dll -> %System32%\lxctpmon.dll -> [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
lxctpmrc.dll -> %System32%\lxctpmrc.dll -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 6/21/2007 1:14:04 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/25/2007 7:12:57 PM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Created Date = 6/23/2007 7:55:10 AM | Attr = ]
DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = local_build | Size = 12920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLARTL_M.SYS -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = local_build | Size = 28184 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 9.10.06a | Size = 99816 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.01a | Size = 51768 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Created Date = 6/23/2007 10:51:41 AM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:07 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:08 PM | Attr = ]
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/25/2007 4:43:56 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/25/2007 8:37:22 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Modified Date = 6/26/2007 8:07:12 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/25/2007 8:12:38 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/24/2007 11:54:48 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/23/2007 8:55:22 AM | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/26/2007 8:06:04 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/25/2007 8:24:04 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 6/24/2007 7:56:36 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/26/2007 8:07:16 PM | Attr = S]
D9H7ADHB.ocx -> %SystemRoot%\D9H7ADHB.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/26/2007 8:07:48 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/24/2007 7:48:14 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/21/2007 10:42:52 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/24/2007 4:52:16 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/24/2007 4:34:18 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/24/2007 7:48:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/25/2007 4:44:14 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 6/23/2007 6:46:16 PM | Attr = ]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 483 bytes | Modified Date = 6/21/2007 1:08:20 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/24/2007 4:52:32 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/23/2007 1:26:00 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/16/2007 12:20:26 PM | Attr = ]
occache -> %SystemRoot%\occache -> [Folder | Modified Date = 6/24/2007 4:21:08 PM | Attr = S]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/26/2007 8:12:58 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/7/2007 11:59:46 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 6/21/2007 10:38:46 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/21/2007 11:56:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/23/2007 10:21:18 AM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1035139 bytes | Modified Date = 6/24/2007 5:40:08 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 3:05:10 PM | Attr = ]
SoftwareDistribution to Sdold -> %SystemRoot%\SoftwareDistribution to Sdold -> [Folder | Modified Date = 6/24/2007 3:41:10 PM | Attr = S]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/26/2007 8:06:18 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/20/2007 4:57:08 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/26/2007 8:13:42 PM | Attr = ]
tsiwinfile.dat -> %SystemRoot%\tsiwinfile.dat -> [Ver = | Size = 64 bytes | Modified Date = 6/23/2007 6:46:58 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 629 bytes | Modified Date = 6/26/2007 8:07:44 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 312 bytes | Modified Date = 6/21/2007 10:48:40 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/21/2007 10:45:40 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/21/2007 10:38:18 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/24/2007 11:20:06 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/26/2007 8:07:20 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/24/2007 5:41:40 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/24/2007 7:48:04 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/6/2007 5:13:04 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Modified Date = 6/21/2007 10:50:30 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/25/2007 8:12:58 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 363320 bytes | Modified Date = 6/21/2007 10:50:26 PM | Attr = ]
HAF9SE8J.ocx -> %System32%\HAF9SE8J.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/26/2007 8:07:48 PM | Attr = ]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Modified Date = 6/21/2007 2:14:44 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61258 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401084 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 457628 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/24/2007 11:54:50 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3644 bytes | Modified Date = 6/25/2007 5:29:38 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/26/2007 8:10:24 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Modified Date = 6/23/2007 8:55:12 AM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Modified Date = 6/23/2007 11:51:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 8/20/2003 9:37:38 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcfg.exe -> [Ver = 99.99.99.99 | Size = 381872 bytes | Modified Date = 11/22/2006 4:11:34 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctih.exe -> [Ver = 99.99.99.99 | Size = 385968 bytes | Modified Date = 11/22/2006 4:11:38 AM | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 2:42:54 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XCeedCry.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 2/20/2001 10:47:54 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 11/7/2003 11:25:22 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >


I did run the Vundofix again and it found nothing, but I still have AVG popping up and this is what it says:

Malware found
Adware.Virtumonde
Location: WINDOWS\32\jkkhebb.dll
Risk: medium
And it gives 4 choices on how to proceed
1. Clean & move to quarantine
2. Clean
3. Ignore (recommended)
4. Ignore & add to exceptions
5. use for all objects of this infection

Also, when I opened IE to send this to you I noticed two things in the address bar... where they came from I do not know.
One says Banner Maker- Your Banner Has Been Saved
The other says http://bizcash.info/go/to.php?id=007

Thank you so much for all your help.
Sherry

#12 OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:26 AM

Posted 27 June 2007 - 04:33 AM

Hi sbrntx. There is something that we are not seeing here. Let's expand the search a bit.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes section click All.
  • In the Win32 Services section click All.
  • In the Driver Services section click on Non-Microsoft.
  • In the Files Created Within and Files Modified Within sections click 60 days.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 sbrntx


Posted 27 June 2007 - 11:05 AM

WinPFind3 logfile created on: 6/27/2007 10:49:06 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Riley\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

247.48 Mb Total Physical Memory | 54.64 Mb Available Physical Memory | 22.08% Memory free
606.36 Mb Paging File | 231.27 Mb Available in Paging File | 38.14% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 82.95 Gb Free Space | 74.20% Space Free
Drive D: | 35.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-ZR0DB6N7RW
Current User Name: Riley
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:50 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:50 PM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 7:59:42 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:46 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 2:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 7:28:28 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 1:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 5:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 11:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 3:17:02 PM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 10:35:06 PM | Attr = ]
-> [Wmi] -> File not found
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/13/2004 5:55:52 PM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 6:53:32 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
lxbmbmgr.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
lxbmbmon.exe -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmon.exe -> Lexmark International, Inc. [Ver = 2, 0, 0, 1 | Size = 94208 bytes | Modified Date = 1/16/2004 5:27:30 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
dpasnt.exe -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
kavpf.exe -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
tsantispy.exe -> %ProgramFiles%\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 950272 bytes | Modified Date = 5/24/2005 3:48:18 AM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 10:49:06 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
lxctcoms.exe -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/19/2003 11:25:00 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 1:16:48 PM | Attr = ]
-> [Wmi] -> File not found
wdfmgr.exe -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
uxkkscqr.exe -> %System32%\uxkkscqr.exe -> [Ver = | Size = 4672 bytes | Modified Date = 6/27/2007 10:13:48 AM | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 622080 bytes | Modified Date = 10/17/2006 12:04:40 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]

[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> Microsoft Corporation [Ver = 1.1.4322.2032 | Size = 32768 bytes | Modified Date = 7/15/2004 1:49:26 AM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(kavsvc) kavsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 9:48:24 AM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/13/2004 6:00:02 PM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(lxct_device) lxct_device [Win32_Own | Auto | Running] -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/19/2003 11:25:00 PM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 2:56:52 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 2:56:54 AM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 3/21/2005 3:00:22 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 2:56:54 AM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 2:56:54 AM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 12:28:22 PM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 12/13/2006 10:17:26 PM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.5.94 | Size = 294912 bytes | Modified Date = 12/13/2006 10:17:02 PM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.89 | Size = 880640 bytes | Modified Date = 1/16/2007 12:44:48 PM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 6:53:32 PM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.455 | Size = 73728 bytes | Modified Date = 1/15/2007 8:05:30 AM | Attr = R ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3508 | Size = 404736 bytes | Modified Date = 8/14/2003 10:16:38 AM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5320 | Size = 462940 bytes | Modified Date = 8/21/2003 3:31:52 AM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(core) core [Kernel | System | Stopped] -> system32\drivers\core.sys -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DCamUSBVeo532) Veo Web Camera [Kernel | On_Demand | Stopped] -> %System32%\drivers\ubVeo532.sys -> IC Media Corporation [Ver = 1.0.7.0 | Size = 95232 bytes | Modified Date = 7/1/2002 6:30:16 PM | Attr = ]
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> %System32%\DLA\DLABMFSM.SYS -> Roxio [Ver = 9.05.10a | Size = 35064 bytes | Modified Date = 11/1/2006 8:59:10 AM | Attr = ]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %System32%\DLA\DLABOIOM.SYS -> Roxio [Ver = 9.05.10a | Size = 32472 bytes | Modified Date = 11/1/2006 8:59:04 AM | Attr = ]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = local_build | Size = 12920 bytes | Modified Date = 9/15/2006 9:45:24 AM | Attr = ]
(DLADResM) DLADResM [File_System | Auto | Running] -> %System32%\DLA\DLADResM.SYS -> Roxio [Ver = 9.05.10a | Size = 9400 bytes | Modified Date = 11/1/2006 8:59:36 AM | Attr = ]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %System32%\DLA\DLAIFS_M.SYS -> Roxio [Ver = 9.05.10a | Size = 104760 bytes | Modified Date = 11/1/2006 8:59:02 AM | Attr = ]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %System32%\DLA\DLAOPIOM.SYS -> Roxio [Ver = 9.05.10a | Size = 26744 bytes | Modified Date = 11/1/2006 8:59:06 AM | Attr = ]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %System32%\DLA\DLAPoolM.SYS -> Roxio [Ver = 9.05.10a | Size = 14520 bytes | Modified Date = 11/1/2006 8:59:02 AM | Attr = ]
(DLARTL_M) DLARTL_M [File_System | System | Running] -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = local_build | Size = 28184 bytes | Modified Date = 9/15/2006 9:45:22 AM | Attr = ]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %System32%\DLA\DLAUDFAM.SYS -> Roxio [Ver = 9.05.10a | Size = 94648 bytes | Modified Date = 11/1/2006 8:59:10 AM | Attr = ]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %System32%\DLA\DLAUDF_M.SYS -> Roxio [Ver = 9.05.10a | Size = 98104 bytes | Modified Date = 11/1/2006 8:59:08 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:18 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 9.10.06a | Size = 99816 bytes | Modified Date = 10/25/2006 8:22:22 AM | Attr = ]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.01a | Size = 51768 bytes | Modified Date = 9/15/2006 9:42:52 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.04.05 | Size = 210304 bytes | Modified Date = 11/13/2003 8:19:48 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.04.05 | Size = 1042816 bytes | Modified Date = 11/13/2003 8:17:00 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 95579 bytes | Modified Date = 1/29/2004 9:13:06 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(Kl1) Kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 5.0.390.0 | Size = 18795 bytes | Modified Date = 10/3/2005 9:59:58 AM | Attr = ]
(Klif) Klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Labs [Ver = 6.12.10.147 | Size = 129808 bytes | Modified Date = 10/3/2005 9:59:42 AM | Attr = ]
(Klmc) Klmc [Kernel | System | Running] -> %System32%\drivers\klmc.sys -> Kaspersky Lab [Ver = 5.0.390.1 | Size = 10995 bytes | Modified Date = 10/3/2005 9:59:44 AM | Attr = ]
(Klpf) Klpf [Kernel | Boot | Running] -> %System32%\drivers\Klpf.sys -> KL [Ver = 2, 0, 0, 13 | Size = 25139 bytes | Modified Date = 8/4/2005 10:19:24 AM | Attr = ]
(Klpid) Klpid [Kernel | Boot | Running] -> %System32%\drivers\Klpid.sys -> KL [Ver = 2, 0, 0, 12 | Size = 31862 bytes | Modified Date = 8/4/2005 10:19:34 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.005 | Size = 12970 bytes | Modified Date = 1/16/2004 4:21:48 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 8/9/2006 3:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.606.811.2003 built by: WinDDK | Size = 65280 bytes | Modified Date = 8/13/2003 2:27:22 AM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:32 AM | Attr = ]
(RxFilter) RxFilter [File_System | Disabled | Stopped] -> %System32%\drivers\RxFilter.sys -> Sonic Solutions [Ver = 9.0.6.0 built by: WinDDK | Size = 50688 bytes | Modified Date = 12/2/2006 12:19:30 PM | Attr = ]
(SbcpHid) SbcpHid [Kernel | On_Demand | Stopped] -> %System32%\drivers\SbcpHid.sys -> [Ver = 5,00,43,0 | Size = 37408 bytes | Modified Date = 9/6/2001 1:18:52 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> %System32%\drivers\Sunkfilt.sys -> Alcor Micro Corp. [Ver = 2, 0, 4, 0 | Size = 40564 bytes | Modified Date = 3/22/2004 2:01:38 PM | Attr = ]
(SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Running] -> %System32%\drivers\sunkfilt39.sys -> Alcor Micro Corp. [Ver = 1, 0, 0, 3 | Size = 42936 bytes | Modified Date = 3/22/2004 2:27:20 PM | Attr = ]
(Sunkfiltp) HP && Alcor Micro Corp for Phison [Kernel | On_Demand | Stopped] -> %System32%\Drivers\sunkfiltp.sys -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %System32%\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.04.05 built by: WinDDK | Size = 679808 bytes | Modified Date = 11/13/2003 8:18:36 PM | Attr = ]
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 122110 bytes | Modified Date = 1/29/2004 9:13:06 PM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 99002 bytes | Modified Date = 1/29/2004 9:13:04 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
DPAS -> %ProgramFiles%\DefenderPro AntiSpy\DPASNT.exe -> DefenderPro [Ver = 4, 4, 1, 0 | Size = 532480 bytes | Modified Date = 4/29/2005 5:17:20 AM | Attr = ]
DPASUpdate -> %ProgramFiles%\DefenderPro AntiSpy\DPASAutoUpdate.exe -> File not found
EzPrint -> %ProgramFiles%\Lexmark 5400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.15.0.0 | Size = 82864 bytes | Modified Date = 11/22/2006 4:11:24 AM | Attr = ]
FaxCenterServer4_in_1 -> %ProgramFiles%\Lexmark 4200 Series\Fax\fm3032.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/22/2004 11:59:10 AM | Attr = ]
icq.com -> %System32%\bfqxdiij.dll [rundll32.exe "C:\WINDOWS\system32\bfqxdiij.dll",forkonce] -> [Ver = | Size = 128576 bytes | Modified Date = 6/27/2007 10:22:54 AM | Attr = ]
KAVPersonal50 -> %ProgramFiles%\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 4:21:14 AM | Attr = ]
Lexmark 4200 Series -> %ProgramFiles%\Lexmark 4200 Series\lxbmbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.25.0 | Size = 57344 bytes | Modified Date = 1/16/2004 5:04:08 AM | Attr = ]
Lexmark 5400 Series Fax Server -> %ProgramFiles%\Lexmark 5400 Series\fm3032.exe -> [Ver = 0.1.4.1 | Size = 304048 bytes | Modified Date = 11/22/2006 4:12:08 AM | Attr = ]
LXCTCATS -> %System32%\spool\drivers\w32x86\3\lxcttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 7:27:06 AM | Attr = ]
lxctmon.exe -> %ProgramFiles%\Lexmark 5400 Series\lxctmon.exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 11/22/2006 4:11:22 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 5:50:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
RecoverFromReboot -> %SystemRoot%\Temp\RecoverFromReboot.exe -> Motive Communications, Inc. [Ver = 1,0,1,5 | Size = 151552 bytes | Modified Date = 7/8/2003 6:41:48 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Roxio [Ver = 9.0.5.25 | Size = 1121016 bytes | Modified Date = 11/15/2006 9:05:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 10/9/2006 4:12:48 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ]
%AllUsersStartup%\Defender Pro Firewall.lnk -> %ProgramFiles%\Defender Pro\Defender Pro Firewall\KAVPF.exe -> Defender Pro LLC [Ver = 1.8.0.180 | Size = 1224319 bytes | Modified Date = 9/27/2005 5:31:30 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ]
jkkhebb -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
pmkjk -> %System32%\pmkjk.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/27/2007 7:29:22 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [HKLM] -> %System32%\nlbyqtxr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 66112 bytes | Modified Date = 6/27/2007 10:16:50 AM | Attr = ]
{40B23424-FE37-4E2C-A0D8-E07A174A2391} [HKLM] -> %System32%\pmkjk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 266336 bytes | Modified Date = 6/27/2007 7:29:22 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{C63C47F9-4B1A-4137-A290-B4B9DD6F63A8} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist] -> File not found
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [CPub Object] -> Osborn Technologies, Inc. [Ver = 3.0 | Size = 262144 bytes | Modified Date = 11/22/2004 5:31:52 AM | Attr = ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist] -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 9:37:24 AM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [MenuText: Sun Java Console] -> JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 1/1/2004 7:34:00 AM | Attr = ]
{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 8/21/2006 3:22:00 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5C864DA1-AEBA-43DE-AC7A-30390B4800D5} -> () ->
{F7838824-CFE0-4E36-AD79-D5818E4C6DED} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/9/b...heckControl.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1182717650421 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://download.yahoo.com/dl/installs/yab_af.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->


[Files/Folders - Created Within 60 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/26/2007 7:02:00 PM | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/26/2007 10:20:19 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/10/2007 12:24:22 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 6/24/2007 6:48:05 PM | Attr = ]
DLA.EXE -> %SystemRoot%\DLA.EXE -> Roxio [Ver = 9.05.10a | Size = 92920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 6/24/2007 3:21:05 PM | Attr = S]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 6/24/2007 3:51:11 PM | Attr = H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 6/20/2007 3:57:06 PM | Attr = ]
bfqxdiij.dll -> %System32%\bfqxdiij.dll -> [Ver = | Size = 128576 bytes | Created Date = 6/27/2007 9:22:51 AM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLAAPI_W.DLL -> %System32%\DLAAPI_W.DLL -> [Ver = | Size = 56056 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
jiidxqfb.ini -> %System32%\jiidxqfb.ini -> [Ver = | Size = 345 bytes | Created Date = 6/27/2007 9:23:03 AM | Attr = HS]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Created Date = 6/23/2007 7:54:40 AM | Attr = ]
kjkmp.bak1 -> %System32%\kjkmp.bak1 -> [Ver = | Size = 6409 bytes | Created Date = 6/27/2007 6:29:39 AM | Attr = HS]
kjkmp.bak2 -> %System32%\kjkmp.bak2 -> [Ver = | Size = 1843636 bytes | Created Date = 6/27/2007 9:11:48 AM | Attr = HS]
kjkmp.ini -> %System32%\kjkmp.ini -> [Ver = | Size = 1847205 bytes | Created Date = 6/27/2007 6:29:24 AM | Attr = HS]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Created Date = 6/21/2007 1:10:34 PM | Attr = ]
lxct.loc -> %System32%\lxct.loc -> [Ver = | Size = 1811 bytes | Created Date = 6/21/2007 1:10:06 PM | Attr = R ]
lxctcoin.dll -> %System32%\lxctcoin.dll -> [Ver = | Size = 344064 bytes | Created Date = 6/21/2007 1:10:07 PM | Attr = R ]
LXCTFXPU.DLL -> %System32%\LXCTFXPU.DLL -> [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
LXCThcp.dll -> %System32%\LXCThcp.dll -> [Ver = 99.99.99.99 | Size = 323584 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
LXCTinst.dll -> %System32%\LXCTinst.dll -> [Ver = | Size = 274432 bytes | Created Date = 6/21/2007 1:12:33 PM | Attr = ]
lxctpmon.dll -> %System32%\lxctpmon.dll -> [Ver = 0.1.35.8 | Size = 45056 bytes | Created Date = 6/21/2007 1:14:24 PM | Attr = ]
lxctpmrc.dll -> %System32%\lxctpmrc.dll -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 6/21/2007 1:14:04 PM | Attr = ]
nlbyqtxr.dll -> %System32%\nlbyqtxr.dll -> [Ver = | Size = 66112 bytes | Created Date = 6/27/2007 9:16:48 AM | Attr = ]
pmkjk.dll -> %System32%\pmkjk.dll -> [Ver = | Size = 266336 bytes | Created Date = 6/27/2007 6:29:19 AM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/25/2007 4:27:54 PM | Attr = ]
uxkkscqr.exe -> %System32%\uxkkscqr.exe -> [Ver = | Size = 4672 bytes | Created Date = 6/27/2007 9:13:47 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/25/2007 7:12:57 PM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Created Date = 6/23/2007 7:55:10 AM | Attr = ]
DLACDBHM.SYS -> %System32%\drivers\DLACDBHM.SYS -> Roxio [Ver = local_build | Size = 12920 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DLARTL_M.SYS -> %System32%\drivers\DLARTL_M.SYS -> Roxio [Ver = local_build | Size = 28184 bytes | Created Date = 6/21/2007 9:48:37 PM | Attr = ]
DRVMCDB.SYS -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 9.10.06a | Size = 99816 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
DRVNDDM.SYS -> %System32%\drivers\DRVNDDM.SYS -> Roxio [Ver = 9.05.01a | Size = 51768 bytes | Created Date = 6/21/2007 9:48:38 PM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Created Date = 6/23/2007 10:51:41 AM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:07 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Created Date = 6/23/2007 6:36:08 PM | Attr = ]
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 6/21/2007 10:35:33 PM | Attr = ]

[Files/Folders - Modified Within 60 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/25/2007 4:43:56 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/25/2007 8:37:22 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 259575808 bytes | Modified Date = 6/27/2007 10:07:28 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/25/2007 8:12:38 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/24/2007 11:54:48 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/23/2007 8:55:22 AM | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/26/2007 8:36:20 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/25/2007 8:24:04 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/26/2007 11:17:00 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/26/2007 11:20:22 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/10/2007 1:24:26 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 6/24/2007 7:56:36 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/27/2007 10:07:32 AM | Attr = S]
D9H7ADHB.ocx -> %SystemRoot%\D9H7ADHB.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/27/2007 10:08:08 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/10/2007 1:19:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/24/2007 7:48:14 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/21/2007 10:42:52 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/24/2007 4:52:16 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/24/2007 4:34:18 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/24/2007 7:48:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/25/2007 4:44:14 PM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 6/23/2007 6:46:16 PM | Attr = ]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 483 bytes | Modified Date = 6/21/2007 1:08:20 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/24/2007 4:52:32 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/23/2007 1:26:00 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/16/2007 12:20:26 PM | Attr = ]
occache -> %SystemRoot%\occache -> [Folder | Modified Date = 6/24/2007 4:21:08 PM | Attr = S]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/27/2007 10:14:02 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/7/2007 11:59:46 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 6/21/2007 10:38:46 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/21/2007 11:56:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/23/2007 10:21:18 AM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1035139 bytes | Modified Date = 6/24/2007 5:40:08 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 3:05:10 PM | Attr = ]
SoftwareDistribution to Sdold -> %SystemRoot%\SoftwareDistribution to Sdold -> [Folder | Modified Date = 6/24/2007 3:41:10 PM | Attr = S]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/7/2007 11:59:50 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/27/2007 10:49:38 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/20/2007 4:57:08 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/27/2007 10:44:54 AM | Attr = ]
tsiwinfile.dat -> %SystemRoot%\tsiwinfile.dat -> [Ver = | Size = 64 bytes | Modified Date = 6/23/2007 6:46:58 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 629 bytes | Modified Date = 6/27/2007 10:08:12 AM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 312 bytes | Modified Date = 6/21/2007 10:48:40 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/21/2007 10:45:40 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/21/2007 10:38:18 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/24/2007 11:20:06 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/27/2007 10:07:40 AM | Attr = H ]
bfqxdiij.dll -> %System32%\bfqxdiij.dll -> [Ver = | Size = 128576 bytes | Modified Date = 6/27/2007 10:22:54 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/24/2007 5:41:40 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/24/2007 7:48:04 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/6/2007 5:13:04 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Modified Date = 6/21/2007 10:50:30 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/24/2007 5:00:14 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/25/2007 8:12:58 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 6/24/2007 4:52:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 363320 bytes | Modified Date = 6/21/2007 10:50:26 PM | Attr = ]
HAF9SE8J.ocx -> %System32%\HAF9SE8J.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 6/27/2007 10:08:08 AM | Attr = ]
jiidxqfb.ini -> %System32%\jiidxqfb.ini -> [Ver = | Size = 345 bytes | Modified Date = 6/27/2007 10:23:14 AM | Attr = HS]
jkkhebb.dll -> %System32%\jkkhebb.dll -> [Ver = | Size = 31254 bytes | Modified Date = 6/23/2007 8:54:42 AM | Attr = ]
kjkmp.bak1 -> %System32%\kjkmp.bak1 -> [Ver = | Size = 6409 bytes | Modified Date = 6/27/2007 7:29:40 AM | Attr = HS]
kjkmp.bak2 -> %System32%\kjkmp.bak2 -> [Ver = | Size = 1843636 bytes | Modified Date = 6/27/2007 10:11:50 AM | Attr = HS]
kjkmp.ini -> %System32%\kjkmp.ini -> [Ver = | Size = 1847205 bytes | Modified Date = 6/27/2007 10:49:38 AM | Attr = HS]
LexFiles.ulf -> %System32%\LexFiles.ulf -> [Ver = | Size = 21191 bytes | Modified Date = 6/21/2007 2:14:44 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 5/25/2007 1:43:48 PM | Attr = ]
nlbyqtxr.dll -> %System32%\nlbyqtxr.dll -> [Ver = | Size = 66112 bytes | Modified Date = 6/27/2007 10:16:50 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 61258 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401084 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 457628 bytes | Modified Date = 6/21/2007 11:56:06 PM | Attr = ]
pmkjk.dll -> %System32%\pmkjk.dll -> [Ver = | Size = 266336 bytes | Modified Date = 6/27/2007 7:29:22 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/24/2007 11:54:50 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3644 bytes | Modified Date = 6/25/2007 5:29:38 PM | Attr = ]
uxkkscqr.exe -> %System32%\uxkkscqr.exe -> [Ver = | Size = 4672 bytes | Modified Date = 6/27/2007 10:13:48 AM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/6/2007 5:14:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/27/2007 10:11:20 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 164787 bytes | Modified Date = 6/23/2007 8:55:12 AM | Attr = ]
FOPN.sys -> %System32%\drivers\FOPN.sys -> Windows ® Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 79872 bytes | Modified Date = 6/23/2007 11:51:42 AM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Modified Date = 5/15/2007 9:11:12 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.410 | Size = 82258 bytes | Modified Date = 5/15/2007 9:12:08 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 8/20/2003 9:37:38 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\bfqxdiij.dll -> [Ver = | Size = 128576 bytes | Modified Date = 6/27/2007 10:22:54 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcfg.exe -> [Ver = 99.99.99.99 | Size = 381872 bytes | Modified Date = 11/22/2006 4:11:34 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctcoms.exe -> [Ver = 99.99.99.99 | Size = 537520 bytes | Modified Date = 11/22/2006 4:11:36 AM | Attr = ]
Thawte Consulting , -> %System32%\lxctih.exe -> [Ver = 99.99.99.99 | Size = 385968 bytes | Modified Date = 11/22/2006 4:11:38 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\nlbyqtxr.dll -> [Ver = | Size = 66112 bytes | Modified Date = 6/27/2007 10:16:50 AM | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 2/28/2002 2:42:54 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 2956 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XCeedCry.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 2/20/2001 10:47:54 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 11/7/2003 11:25:22 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >


I'm getting popups and address bar redirects...
This is one that popped up...
NOTICE: your computer has tracks of all adult sites you have visited. In most cases, you are not even aware of the files that get installed by themselves, violate your online privacy and could compromise your career and your marriage. These files leave tracks of your online behavior and even compromise your credit cards security. It's possible to clean up all temporary and history records of your computer to remove these tracks. Would you like to install DriveCleaner to check your computer for free? (Recommended)....I dare NOT click on it even to close it.
Who creates this crap anyway?
ok, ok....I'M CALM...just really tired of this and I do so greatly appreciate all your help OT

#14 OldTimer

    Malware Expert

Posted 27 June 2007 - 03:36 PM

Hi sbrntx. Ok, let's try this again. First, print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix). We will be doing a Vundo and AVG scan this time.

Next, Please follow the steps below in order:

Step #1
  • Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Step #2
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - All]
YY -> uxkkscqr.exe -> %System32%\uxkkscqr.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> icq.com -> %System32%\bfqxdiij.dll [rundll32.exe "C:\WINDOWS\system32\bfqxdiij.dll",forkonce]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> jkkhebb -> %System32%\jkkhebb.dll
YY -> pmkjk -> %System32%\pmkjk.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {40B23424-FE37-4E2C-A0D8-E07A174A2391} [HKLM] -> %System32%\pmkjk.dll [Reg Data - Value does not exist]
YN -> {C63C47F9-4B1A-4137-A290-B4B9DD6F63A8} [HKLM] -> %System32%\gebyv.dll [Reg Data - Value does not exist]
YY -> {DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\jkkhebb.dll [Reg Data - Value does not exist]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0D555BC6-E331-48b3-A60E-AAC0DF79438A} -> Reg Data - Value does not exist [ButtonText: Popup Blocker]
YN -> CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
[Files/Folders - Created Within 60 days]
NY -> bfqxdiij.dll -> %System32%\bfqxdiij.dll
NY -> jiidxqfb.ini -> %System32%\jiidxqfb.ini
NY -> jkkhebb.dll -> %System32%\jkkhebb.dll
NY -> kjkmp.bak1 -> %System32%\kjkmp.bak1
NY -> kjkmp.bak2 -> %System32%\kjkmp.bak2
NY -> kjkmp.ini -> %System32%\kjkmp.ini
NY -> nlbyqtxr.dll -> %System32%\nlbyqtxr.dll
NY -> pmkjk.dll -> %System32%\pmkjk.dll
NY -> uxkkscqr.exe -> %System32%\uxkkscqr.exe
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
[Files/Folders - Modified Within 60 days]
NY -> D9H7ADHB.ocx -> %SystemRoot%\D9H7ADHB.ocx
NY -> bfqxdiij.dll -> %System32%\bfqxdiij.dll
NY -> HAF9SE8J.ocx -> %System32%\HAF9SE8J.ocx
NY -> jiidxqfb.ini -> %System32%\jiidxqfb.ini
NY -> jkkhebb.dll -> %System32%\jkkhebb.dll
NY -> kjkmp.bak1 -> %System32%\kjkmp.bak1
NY -> kjkmp.bak2 -> %System32%\kjkmp.bak2
NY -> kjkmp.ini -> %System32%\kjkmp.ini
NY -> nlbyqtxr.dll -> %System32%\nlbyqtxr.dll
NY -> pmkjk.dll -> %System32%\pmkjk.dll
NY -> uxkkscqr.exe -> %System32%\uxkkscqr.exe
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> FOPN.sys -> %System32%\drivers\FOPN.sys
[File String Scan - Non-Microsoft Only]
NY -> PEC2 , PECompact2 , -> %System32%\bfqxdiij.dll
NY -> PEC2 , PECompact2 , -> %System32%\nlbyqtxr.dll
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You will be asked to reboot when the fix is complete. Choose Yes and reboot into Safe Mode as shown below.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #5

Post the following back here:
  • the VundoFix log located at c:\vundofix.txt
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 sbrntx

  • Topic Starter

Posted 28 June 2007 - 08:05 AM

Mornin' OT,
I followed your instructions to the letter and this is what happened.
AVG said "No Reports" and WinPFind will not run the fix. I keep getting the popup window saying the program is not responding.


VundoFix V6.5.1

Checking Java version...

Scan started at 8:02:00 PM 6/26/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\vybeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 8:36:20 PM 6/26/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.1

Checking Java version...

Scan started at 9:55:50 PM 6/26/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.1

Checking Java version...

Scan started at 4:05:20 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\pmkjk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmkjk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 4:33:03 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\jkhhi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkhhi.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 7:38:33 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\mllji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllji.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 10:33:35 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 11:28:57 PM 6/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 12:20:47 AM 6/28/2007

Listing files found while scanning....

No infected files were found.


This is the last WinPFind log I have


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\103 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyv deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhebb deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A1674EF-D01F-4432-A613-1AF593CA5827} not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54622BD0-DB10-4CB3-8977-C34077CBB411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54622BD0-DB10-4CB3-8977-C34077CBB411} deleted successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Gaming Zone\qurozub83122.dll
C:\Program Files\MSN Gaming Zone\qurozub83122.dll NOT unregistered.
C:\Program Files\MSN Gaming Zone\qurozub83122.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\cs_cache.ini moved successfully.
C:\WINDOWS\rau001978.exe moved successfully.
C:\WINDOWS\tcb.pmw moved successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico moved successfully.
C:\WINDOWS\SYSTEM32\G1 moved successfully.
C:\WINDOWS\SYSTEM32\G2 moved successfully.
C:\WINDOWS\SYSTEM32\G3 moved successfully.
C:\WINDOWS\SYSTEM32\G4 moved successfully.
C:\WINDOWS\SYSTEM32\G5 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\o02PrEz moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.ini moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\vybeg.tmp moved successfully.
C:\WINDOWS\SYSTEM32\win moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.sys scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\rau001978.exe not found!
File C:\WINDOWS\tcb.pmw not found!
File C:\WINDOWS\SYSTEM32\G1 not found!
File C:\WINDOWS\SYSTEM32\G2 not found!
File C:\WINDOWS\SYSTEM32\G3 not found!
File C:\WINDOWS\SYSTEM32\G4 not found!
File C:\WINDOWS\SYSTEM32\G5 not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\gebyv.dll
C:\WINDOWS\SYSTEM32\gebyv.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\gebyv.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\jkkhebb.dll
C:\WINDOWS\SYSTEM32\jkkhebb.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\jkkhebb.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\o02PrEz not found!
File C:\WINDOWS\SYSTEM32\vybeg.bak1 not found!
File C:\WINDOWS\SYSTEM32\vybeg.ini not found!
File C:\WINDOWS\SYSTEM32\vybeg.ini2 not found!
File C:\WINDOWS\SYSTEM32\vybeg.tmp not found!
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\drivers\core.sys scheduled to be moved on reboot.
[Empty Temp Folders]
C:\DOCUME~1\Riley\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Riley\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/25/2007 20:24:06


Thanks,
Sherry
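
An added example, not part of the original thread and not code from VundoFix or WinPFind3U: a Python parser for the VundoFix log format posted above that lists scans which found new files after an earlier removal, and pairs each DLL with same-folder files whose base name is the DLL name reversed, a pattern visible in the names posted in this thread (pmkjk.dll with kjkmp.ini, bfqxdiij.dll with jiidxqfb.ini). The function names and the pairing heuristic are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the VundoFix log posted in the thread (three of the runs), with
# blank lines and the "Attempting to delete" lines trimmed.
SAMPLE_LOG = r"""
VundoFix V6.5.1
Scan started at 4:05:20 PM 6/27/2007
Listing files found while scanning....
C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\pmkjk.dll
Beginning removal...
C:\WINDOWS\system32\kjkmp.bak1 Has been deleted!
C:\WINDOWS\system32\kjkmp.bak2 Has been deleted!
C:\WINDOWS\system32\kjkmp.ini Has been deleted!
C:\WINDOWS\system32\pmkjk.dll Has been deleted!
VundoFix V6.5.1
Scan started at 4:33:03 PM 6/27/2007
Listing files found while scanning....
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\jkhhi.dll
Beginning removal...
C:\WINDOWS\system32\ihhkj.bak1 Has been deleted!
C:\WINDOWS\system32\ihhkj.ini Has been deleted!
C:\WINDOWS\system32\jkhhi.dll Could not be deleted.
Beginning removal...
C:\WINDOWS\system32\jkhhi.dll Has been deleted!
VundoFix V6.5.1
Scan started at 12:20:47 AM 6/28/2007
Listing files found while scanning....
No infected files were found.
"""

# File names taken from the WinPFind3U report earlier in the thread.
REPORT_PATHS = [r"%System32%\bfqxdiij.dll", r"%System32%\jiidxqfb.ini",
                r"%System32%\jkkhebb.dll", r"%System32%\nlbyqtxr.dll"]

SCAN_RE = re.compile(r"^Scan started at (.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
OUTCOME_RE = re.compile(r"^([A-Za-z]:\\.+?) (Has been deleted!|Could not be deleted\.)$")


def parse_vundofix_log(text):
    """Split a multi-run log into scans: start time, files found, final outcome per file."""
    scans, current, listing = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        started = SCAN_RE.match(line)
        if started:
            current = {"started": started.group(1), "found": [], "deleted": {}}
            scans.append(current)
            listing = False
        elif current is None:
            continue
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif OUTCOME_RE.match(line):
            path, result = OUTCOME_RE.match(line).groups()
            # A later removal pass overrides an earlier "Could not be deleted."
            current["deleted"][path] = result.startswith("Has been")
        elif listing and PATH_RE.match(line):
            current["found"].append(line)
    return scans


def reversed_name_pairs(paths):
    """Pair each DLL with same-folder files whose base name is the DLL's name reversed."""
    files = [PureWindowsPath(p) for p in paths]
    pairs = []
    for dll in (f for f in files if f.suffix.lower() == ".dll"):
        mirror = dll.stem.lower()[::-1]
        for other in files:
            if other is not dll and other.parent == dll.parent and other.stem.lower() == mirror:
                pairs.append((dll.name, other.name))
    return pairs


def recurring_detections(scans):
    """Start times of scans that found files after an earlier scan had removed some."""
    recurring, removed_before = [], False
    for scan in scans:
        if scan["found"] and removed_before:
            recurring.append(scan["started"])
        removed_before = removed_before or any(scan["deleted"].values())
    return recurring


if __name__ == "__main__":
    print("recurring:", recurring_detections(parse_vundofix_log(SAMPLE_LOG)))
    print("report pairs:", reversed_name_pairs(REPORT_PATHS))
```

A scan listed by `recurring_detections` means files came back under new names after a removal that the log reported as complete, which is the cue to look for a component the tool did not list.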



