
Pop-Ups Gone Crazy ;) [CLOSED]



#1
rtrice81

Below you will find a HijackThis log; however, I feel that it is 2 DLLs causing the issues.

OVPQUVLX.DLL
TFXMTQPO.DLL

It appears they attach to rundll32.exe, and no matter what I cannot get them to go away.

I have run Spybot Search and Destroy and AVG 8.0 on the box.
I am in the process of running VundoFix as well.

thanks
richie



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:07 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Program Files\CommVault Systems\Galaxy\Base\cvd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Program Files\CommVault Systems\Galaxy\Base\evmgrc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Datakey\Crypt32\DkAutoReg.exe
C:\Program Files\Datakey\Crypt32\DkMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.32.88
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://172.16.32.88
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.5.1.200:8080;https=10.5.1.200:8080;gopher=10.5.1.200:8080;socks=10.5.1.200:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 170.209.0.2;170.209.0.3;kirchman2;10.5.0.88;10.5.0.245;10.5.0.195;172.16.32.88;10.5.0.192;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26504DD1-4576-4CFC-B646-D8B227700496} - (no file)
O2 - BHO: (no name) - {2833ADCA-43B6-4702-9D8B-C64CEEDDF361} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {42469102-6E6C-41F4-97C0-F83C3AB1E6B5} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {44FC10FE-45D0-4221-800E-171533E3C19B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5993FE19-FED1-412F-A5AB-3DBB1395EBE7} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {6A0AB1AC-75C0-4869-A98C-E8B46F122BB5} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Datakey\Crypt32\DkAutoReg.exe
O4 - HKLM\..\Run: [DkMonitor.exe] C:\Program Files\Datakey\Crypt32\DkMonitor.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Datakey\Crypt32\DkStartup.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [acad5a50] rundll32.exe "C:\WINDOWS\system32\ovpquvlx.dll",b
O4 - HKLM\..\Run: [BMaf9e69cc] Rundll32.exe "C:\WINDOWS\system32\tfxmtqpo.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: e.bat
O4 - Global Startup: fedline.bat
O4 - Global Startup: k.bat
O4 - Global Startup: nwdrive.bat
O4 - Global Startup: tumbleweed.bat
O4 - Global Startup: v.bat
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://172.16.32.88
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bankway.webe...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ddcmd.com
O17 - HKLM\Software\..\Telephony: DomainName = ddcmd.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34A6914D-D273-46F8-B29E-FC3807C10331}: NameServer = 10.5.0.191,10.5.0.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ddcmd.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{34A6914D-D273-46F8-B29E-FC3807C10331}: NameServer = 10.5.0.191,10.5.0.131
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Galaxy Communications Service (ControlSet001) (GxCVD(ControlSet001)) - CommVault Systems - C:\Program Files\CommVault Systems\Galaxy\Base\cvd.exe
O23 - Service: Galaxy Client Event Manager (ControlSet001) (GxEvMgrC(ControlSet001)) - CommVault Systems - C:\Program Files\CommVault Systems\Galaxy\Base\evmgrc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 8270 bytes


#2
Rorschach112

Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

#3
rtrice81

This was the report I got, always my AVG went crazy

[code=auto:0]OTScanIt logfile created on: 5/7/2008 1:13:13 PM
OTScanIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\ddcsystem\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 181.70 Mb Available Physical Memory | 35.56% Memory free
2.91 Gb Paging File | 2.62 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 15.32 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.99 Gb Total Space | 0.24 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 12.69 Gb Total Space | 3.36 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive L: | 12.69 Gb Total Space | 3.36 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive V: | 12.69 Gb Total Space | 3.36 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive X: | 33.83 Gb Total Space | 23.39 Gb Free Space | 69.12% Space Free | Partition Type: NTFS
Drive Y: | 12.69 Gb Total Space | 3.36 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive Z: | 33.83 Gb Total Space | 23.39 Gb Free Space | 69.12% Space Free | Partition Type: NTFS

Computer Name: OPERKIRCHMAN
Current User Name: ddcsystem
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
awhost32.exe -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 10.5.1.505 | Size = 114749 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr = ]
dklog.exe -> %SystemRoot%\SYSTEM32\dklog.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 102400 bytes | Modified Date = 9/1/2004 5:14:32 PM | Attr = ]
dkvcm.exe -> %SystemRoot%\SYSTEM32\dkvcm.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 122880 bytes | Modified Date = 9/1/2004 5:29:56 PM | Attr = ]
cvd.exe -> %ProgramFiles%\CommVault Systems\Galaxy\Base\cvd.exe -> CommVault Systems [Ver = 5.9.48 | Size = 65536 bytes | Modified Date = 10/29/2004 12:24:00 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 AM | Attr = ]
winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.2 | Size = 712704 bytes | Modified Date = 6/18/2006 3:56:10 PM | Attr = ]
dkcktkn.exe -> %SystemRoot%\SYSTEM32\dkcktkn.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 638976 bytes | Modified Date = 9/1/2004 5:21:22 PM | Attr = ]
evmgrc.exe -> %ProgramFiles%\CommVault Systems\Galaxy\Base\EvMgrC.exe -> CommVault Systems [Ver = 5.9.48 | Size = 229376 bytes | Modified Date = 10/29/2004 1:30:14 AM | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 11:47:43 AM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 5/7/2008 11:47:57 AM | Attr = ]
dkautoreg.exe -> %ProgramFiles%\Datakey\Crypt32\dkAutoReg.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 245760 bytes | Modified Date = 9/1/2004 5:22:52 PM | Attr = ]
dkmonitor.exe -> %ProgramFiles%\Datakey\Crypt32\dkMonitor.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 32768 bytes | Modified Date = 9/1/2004 5:22:18 PM | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/7/2008 11:47:54 AM | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 3:06:00 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.12.1 | Size = 372224 bytes | Modified Date = 5/6/2008 2:53:20 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(awhost32) pcAnywhere Host Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 10.5.1.505 | Size = 114749 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr = ]
(DkLogger) Datakey's Log Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\dklog.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 102400 bytes | Modified Date = 9/1/2004 5:14:32 PM | Attr = ]
(DkTknSrv) Datakey's Token Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\dkcktkn.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 638976 bytes | Modified Date = 9/1/2004 5:21:22 PM | Attr = ]
(DkVcm) Datakey's Virtual Channel Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\dkvcm.exe -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 122880 bytes | Modified Date = 9/1/2004 5:29:56 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ]
(GxCVD(ControlSet001)) Galaxy Communications Service (ControlSet001) [Win32_Own | Auto | Running] -> %ProgramFiles%\CommVault Systems\Galaxy\Base\cvd.exe -> CommVault Systems [Ver = 5.9.48 | Size = 65536 bytes | Modified Date = 10/29/2004 12:24:00 AM | Attr = ]
(GxEvMgrC(ControlSet001)) Galaxy Client Event Manager (ControlSet001) [Win32_Own | Auto | Running] -> %ProgramFiles%\CommVault Systems\Galaxy\Base\EvMgrC.exe -> CommVault Systems [Ver = 5.9.48 | Size = 229376 bytes | Modified Date = 10/29/2004 1:30:14 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 AM | Attr = ]
(McShield) McAfee McShield [Win32_Own | Auto | Paused] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 8/2/2005 5:18:49 PM | Attr = ]
(winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.2 | Size = 712704 bytes | Modified Date = 6/18/2006 3:56:10 PM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 11:47:43 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 3:15:00 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ]
(ati2mtaa) ati2mtaa [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Modified Date = 8/4/2004 1:29:26 AM | Attr = ]
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AWLEGACY.sys -> Symantec Corporation [Ver = 9.2.1 | Size = 10816 bytes | Modified Date = 9/11/2000 10:50:00 AM | Attr = ]
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AW_HOST5.sys -> Symantec Corporation [Ver = 10.5.1.497 | Size = 33496 bytes | Modified Date = 2/11/2002 10:51:00 AM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ]
(COAX) COAX [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\COAX.SYS -> Wall Data Incorporated. [Ver = 1502,0,0 | Size = 26528 bytes | Modified Date = 2/15/1999 6:00:00 AM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/19/2004 6:35:20 PM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 4:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 12:10:48 PM | Attr = S]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 1:56:26 PM | Attr = ]
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GERNUWA.sys -> Symantec Corporation [Ver = 10.5.0 | Size = 14944 bytes | Modified Date = 10/9/2001 10:50:00 AM | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 4:59:20 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 4:56:26 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4020 | Size = 804317 bytes | Modified Date = 1/23/2005 11:05:06 AM | Attr = ]
(iKeyEnum) Rainbow iKey Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IKEYENUM.SYS -> Rainbow Technologies Inc. [Ver = 1.18.16.66 | Size = 11256 bytes | Modified Date = 7/31/2003 12:42:42 PM | Attr = ]
(iKeyIFD) Rainbow iKey Virtual Reader [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IKEYIFD.SYS -> Rainbow Technologies Inc. [Ver = 1.18.16.66 | Size = 16696 bytes | Modified Date = 7/31/2003 12:41:46 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 2:48:08 PM | Attr = ]
(mfeapfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
(mfetdik) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 8/2/2005 5:10:13 PM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/19/2004 6:41:54 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ]
(RMBS) RMBS [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\RMBS.SYS -> Wall Data Incorporated. [Ver = 1502,0,0 | Size = 18208 bytes | Modified Date = 2/15/1999 6:00:00 AM | Attr = ]
(RnbToken) Rainbow iKey Token Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\RNBTOKEN.SYS -> Rainbow Technologies Inc. [Ver = 1.18.16.66 | Size = 18168 bytes | Modified Date = 7/31/2003 12:41:04 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3600 | Size = 580992 bytes | Modified Date = 5/6/2003 10:14:34 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 10.3.2.8 | Size = 57968 bytes | Modified Date = 9/18/2001 7:25:48 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ]
(vnccom) vnccom [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\vnccom.SYS -> RDV Soft [Ver = 1.0.0.17 | Size = 6016 bytes | Modified Date = 6/26/2004 2:22:00 PM | Attr = ]
(vncdrv) vncdrv [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\vncdrv.sys -> RDV Soft [Ver = 1.00.17 | Size = 4736 bytes | Modified Date = 6/26/2004 2:22:00 PM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 4:58:02 PM | Attr = ]
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 11:40:54 AM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 11:40:46 AM | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/7/2008 11:48:18 AM | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/7/2008 11:48:21 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
acad5a50 -> %SystemRoot%\system32\ovpquvlx.DLL [rundll32.exe "C:\WINDOWS\system32\ovpquvlx.dll",b] -> File not found
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/7/2008 11:47:54 AM | Attr = ]
BMaf9e69cc -> %SystemRoot%\system32\tfxmtqpo.DLL [Rundll32.exe "C:\WINDOWS\system32\tfxmtqpo.dll",s] -> File not found
DkAutoReg.exe -> %ProgramFiles%\Datakey\Crypt32\dkAutoReg.exe [C:\Program Files\Datakey\Crypt32\DkAutoReg.exe] -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 245760 bytes | Modified Date = 9/1/2004 5:22:52 PM | Attr = ]
DkMonitor.exe -> %ProgramFiles%\Datakey\Crypt32\dkMonitor.exe [C:\Program Files\Datakey\Crypt32\DkMonitor.exe] -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 32768 bytes | Modified Date = 9/1/2004 5:22:18 PM | Attr = ]
DkStartup -> %ProgramFiles%\Datakey\Crypt32\DkStartup.exe [C:\Program Files\Datakey\Crypt32\DkStartup.exe] -> Datakey, Inc. [Ver = 4.7.20.0035 | Size = 217088 bytes | Modified Date = 9/1/2004 5:22:34 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\e.bat -> [Ver = | Size = 36 bytes | Modified Date = 10/20/2006 8:38:31 AM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\fedline.bat -> [Ver = | Size = 108 bytes | Modified Date = 3/6/2008 6:54:31 PM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\k.bat -> [Ver = | Size = 216 bytes | Modified Date = 11/14/2007 6:04:03 PM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\nwdrive.bat -> [Ver = | Size = 52 bytes | Modified Date = 3/9/2007 12:45:13 PM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\tumbleweed.bat -> [Ver = | Size = 138 bytes | Modified Date = 9/25/2006 1:55:06 PM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\v.bat -> [Ver = | Size = 24 bytes | Modified Date = 1/14/2008 6:21:33 PM | Attr = ]
-> %AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> File not found
< ddcsystem Startup Folder > -> C:\Documents and Settings\ddcsystem\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\SYSTEM32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/7/2008 11:48:26 AM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
DkWLNP -> %SystemRoot%\SYSTEM32\DkWLNP.dll -> [Ver = | Size = 57344 bytes | Modified Date = 9/1/2004 5:29:48 PM | Attr = ]
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4020 | Size = 348160 bytes | Modified Date = 1/23/2005 10:31:10 AM | Attr = ]
PCANotify -> %SystemRoot%\SYSTEM32\PCANotify.dll -> Symantec Corporation [Ver = 10.5.1.505 | Size = 24638 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> DDC users only. ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> WARNING! This computer system is the property of Delmarva Data Center and may be accessed only by authorized users. Unauthorized use of this system is strictly prohibited and may be subject to criminal prosecution. The Data Center may monitor any activity or communication on the system and retrieve any information stored within the system. By accessing and using this computer
you are consenting to such monitoring and information retrieval for law enforcement and other purposes. Users should have no expectation of privacy as to any communication on or information stored within the system. ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 1 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLite-On_LTN486S_48x_Max_________________YDS6____\5&33fcab6&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 3/20/2004 1:58:32 PM | Attr = ]
< HOSTS File > (223107 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
10.5.0.207 xvision -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://172.16.32.88 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.dell4me.com/mywaybiz ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://172.16.32.88 ->
HKEY_CURRENT_USER\: ProxyEnable -> 1 ->
HKEY_CURRENT_USER\: ProxyOverride -> 170.209.0.2;170.209.0.3;kirchman2;10.5.0.88;10.5.0.245;10.5.0.195;172.16.32.88;10.5.0.192;<local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 9:38:22 PM | Attr = ]
{26504DD1-4576-4CFC-B646-D8B227700496} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2833ADCA-43B6-4702-9D8B-C64CEEDDF361} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 5/7/2008 11:47:58 AM | Attr = ]
{42469102-6E6C-41F4-97C0-F83C3AB1E6B5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllmk.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{44FC10FE-45D0-4221-800E-171533E3C19B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ]
{5993FE19-FED1-412F-A5AB-3DBB1395EBE7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geede.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{601ED020-FB6C-11D3-87D8-0050DA59922B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Ipswitch\WS_FTP Pro\wsbho2k0.dll [WsftpBrowserHelper Class] -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 [Ver = 9,0,1,0 | Size = 118830 bytes | Modified Date = 8/18/2004 2:35:14 PM | Attr = ]
{6A0AB1AC-75C0-4869-A98C-E8B46F122BB5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/7/2008 11:48:06 AM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/7/2008 11:48:06 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/7/2008 11:48:06 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34A6914D-D273-46F8-B29E-FC3807C10331} -> 10.5.0.191,10.5.0.131 (Intel(R) PRO/100 VE Network Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 5/7/2008 11:48:04 AM | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://bankway.webex.com/client/T25L/support/ieatgpc.cab[GpcContainer Class] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\.Owner -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MOVEitUploadWizard3.4.0.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MOVEitUploadWizard3.4.0.ocx\\.Owner -> {A81DF11E-14EB-48F6-B7CF-8D06AB608DE3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MOVEitUploadWizard3.4.0.ocx\\{A81DF11E-14EB-48F6-B7CF-8D06AB608DE3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyAuthenticationLevel -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoRebootWithLoggedOnUsers -> 0 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ]
C:\WINDOWS\system32\mllmk.dll -> %SystemRoot%\system32\mllmk.dll -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 796 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach the report, as it is too big to post?
  • 0

#5
rtrice81

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Let's give this a try

thanks
richie

Attached Files


  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> acad5a50 -> %SystemRoot%\system32\ovpquvlx.DLL [rundll32.exe "C:\WINDOWS\system32\ovpquvlx.dll",b]
YN -> BMaf9e69cc -> %SystemRoot%\system32\tfxmtqpo.DLL [Rundll32.exe "C:\WINDOWS\system32\tfxmtqpo.dll",s]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\e.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\fedline.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\k.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\nwdrive.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\tumbleweed.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\v.bat
YN -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {26504DD1-4576-4CFC-B646-D8B227700496} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {2833ADCA-43B6-4702-9D8B-C64CEEDDF361} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {42469102-6E6C-41F4-97C0-F83C3AB1E6B5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllmk.dll [Reg Error: Value does not exist or could not be read.]
YN -> {5993FE19-FED1-412F-A5AB-3DBB1395EBE7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geede.dll [Reg Error: Value does not exist or could not be read.]
YN -> {6A0AB1AC-75C0-4869-A98C-E8B46F122BB5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
YN -> {d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\mllmk.dll -> %SystemRoot%\system32\mllmk.dll
< BotCheck > ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> acad5a50 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ovpquvlx.DLL
YN -> BMaf9e69cc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\tfxmtqpo.DLL
[Files/Folders - Created Within 90 days]
NY -> tumbleweed.pfx -> %SystemDrive%\tumbleweed.pfx
NY -> ' -> %SystemRoot%\System32\'
NY -> dwgmjjxr.dll -> %SystemRoot%\System32\dwgmjjxr.dll
NY -> dybxqehs.dll -> %SystemRoot%\System32\dybxqehs.dll
NY -> epoPGPsdk.dll -> %SystemRoot%\System32\epoPGPsdk.dll
NY -> epoPGPsdk.dll.sig -> %SystemRoot%\System32\epoPGPsdk.dll.sig
NY -> fkqatwuv.dll -> %SystemRoot%\System32\fkqatwuv.dll
NY -> gngsocrq.dll -> %SystemRoot%\System32\gngsocrq.dll
NY -> hckwxtcm.dll -> %SystemRoot%\System32\hckwxtcm.dll
NY -> hpvhflgq.dll -> %SystemRoot%\System32\hpvhflgq.dll
NY -> iuhiuvrn.ini -> %SystemRoot%\System32\iuhiuvrn.ini
NY -> jgeruvwx.dll -> %SystemRoot%\System32\jgeruvwx.dll
NY -> kljqsjkv.dll -> %SystemRoot%\System32\kljqsjkv.dll
NY -> kmllm.ini -> %SystemRoot%\System32\kmllm.ini
NY -> kmllm.ini2 -> %SystemRoot%\System32\kmllm.ini2
NY -> kwkvcuec.dll -> %SystemRoot%\System32\kwkvcuec.dll
NY -> ljyneknm.dll -> %SystemRoot%\System32\ljyneknm.dll
NY -> mbujhsnb.ini -> %SystemRoot%\System32\mbujhsnb.ini
NY -> mfdkdrbo.ini -> %SystemRoot%\System32\mfdkdrbo.ini
NY -> mnkenyjl.ini -> %SystemRoot%\System32\mnkenyjl.ini
NY -> neauyyuv.dll -> %SystemRoot%\System32\neauyyuv.dll
NY -> nxyqrnej.dll -> %SystemRoot%\System32\nxyqrnej.dll
NY -> obrdkdfm.dll -> %SystemRoot%\System32\obrdkdfm.dll
NY -> ocpnlpwq.dll -> %SystemRoot%\System32\ocpnlpwq.dll
NY -> peeungar.dll -> %SystemRoot%\System32\peeungar.dll
NY -> Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll
NY -> qwplnpco.ini -> %SystemRoot%\System32\qwplnpco.ini
NY -> ragnueep.ini -> %SystemRoot%\System32\ragnueep.ini
NY -> tfxmtqpo.dll1 -> %SystemRoot%\System32\tfxmtqpo.dll1
NY -> wbvfitsa.dll -> %SystemRoot%\System32\wbvfitsa.dll
NY -> xlvuqpvo.ini -> %SystemRoot%\System32\xlvuqpvo.ini
NY -> BMaf9e69cc.xml -> %SystemRoot%\BMaf9e69cc.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 90 days]
NY -> ' -> %SystemRoot%\System32\'
NY -> dwgmjjxr.dll -> %SystemRoot%\System32\dwgmjjxr.dll
NY -> dybxqehs.dll -> %SystemRoot%\System32\dybxqehs.dll
NY -> edeeg.ini -> %SystemRoot%\System32\edeeg.ini
NY -> edeeg.ini2 -> %SystemRoot%\System32\edeeg.ini2
NY -> fkqatwuv.dll -> %SystemRoot%\System32\fkqatwuv.dll
NY -> gngsocrq.dll -> %SystemRoot%\System32\gngsocrq.dll
NY -> hckwxtcm.dll -> %SystemRoot%\System32\hckwxtcm.dll
NY -> hpvhflgq.dll -> %SystemRoot%\System32\hpvhflgq.dll
NY -> iuhiuvrn.ini -> %SystemRoot%\System32\iuhiuvrn.ini
NY -> jgeruvwx.dll -> %SystemRoot%\System32\jgeruvwx.dll
NY -> kljqsjkv.dll -> %SystemRoot%\System32\kljqsjkv.dll
NY -> kmllm.ini -> %SystemRoot%\System32\kmllm.ini
NY -> kmllm.ini2 -> %SystemRoot%\System32\kmllm.ini2
NY -> kwkvcuec.dll -> %SystemRoot%\System32\kwkvcuec.dll
NY -> ljyneknm.dll -> %SystemRoot%\System32\ljyneknm.dll
NY -> mbujhsnb.ini -> %SystemRoot%\System32\mbujhsnb.ini
NY -> mfdkdrbo.ini -> %SystemRoot%\System32\mfdkdrbo.ini
NY -> mnkenyjl.ini -> %SystemRoot%\System32\mnkenyjl.ini
NY -> neauyyuv.dll -> %SystemRoot%\System32\neauyyuv.dll
NY -> nxyqrnej.dll -> %SystemRoot%\System32\nxyqrnej.dll
NY -> obrdkdfm.dll -> %SystemRoot%\System32\obrdkdfm.dll
NY -> ocpnlpwq.dll -> %SystemRoot%\System32\ocpnlpwq.dll
NY -> peeungar.dll -> %SystemRoot%\System32\peeungar.dll
NY -> qwplnpco.ini -> %SystemRoot%\System32\qwplnpco.ini
NY -> ragnueep.ini -> %SystemRoot%\System32\ragnueep.ini
NY -> tfxmtqpo.dll1 -> %SystemRoot%\System32\tfxmtqpo.dll1
NY -> wbvfitsa.dll -> %SystemRoot%\System32\wbvfitsa.dll
NY -> xlvuqpvo.ini -> %SystemRoot%\System32\xlvuqpvo.ini
NY -> BMaf9e69cc.xml -> %SystemRoot%\BMaf9e69cc.xml
NY -> GLF18.EXE -> C:\WINDOWS\Temp\GLF18.EXE
NY -> GLF1E7.EXE -> C:\WINDOWS\Temp\GLF1E7.EXE
NY -> GLF270.EXE -> C:\WINDOWS\Temp\GLF270.EXE
NY -> GLF2D4.EXE -> C:\WINDOWS\Temp\GLF2D4.EXE
NY -> GLFF.EXE -> C:\WINDOWS\Temp\GLFF.EXE
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#7
rtrice81

  • Topic Starter
  • Member
  • 25 posts
what do the

"YY"
"YN"
"NY"


mean before the keys and processes?

for example
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\e.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\fedline.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\k.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\nwdrive.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\tumbleweed.bat
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\v.bat

i need these bat files as they map network drives and such


thanks
richie
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ah was wondering what they were, they looked suspiciously like malware. Have removed them from the list

Put this into OTScanIt then

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> acad5a50 -> %SystemRoot%\system32\ovpquvlx.DLL [rundll32.exe "C:\WINDOWS\system32\ovpquvlx.dll",b]
YN -> BMaf9e69cc -> %SystemRoot%\system32\tfxmtqpo.DLL [Rundll32.exe "C:\WINDOWS\system32\tfxmtqpo.dll",s]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {26504DD1-4576-4CFC-B646-D8B227700496} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {2833ADCA-43B6-4702-9D8B-C64CEEDDF361} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {42469102-6E6C-41F4-97C0-F83C3AB1E6B5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllmk.dll [Reg Error: Value does not exist or could not be read.]
YN -> {5993FE19-FED1-412F-A5AB-3DBB1395EBE7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geede.dll [Reg Error: Value does not exist or could not be read.]
YN -> {6A0AB1AC-75C0-4869-A98C-E8B46F122BB5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
YN -> {d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\mllmk.dll -> %SystemRoot%\system32\mllmk.dll
< BotCheck > ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> acad5a50 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ovpquvlx.DLL
YN -> BMaf9e69cc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\tfxmtqpo.DLL
[Files/Folders - Created Within 90 days]
NY -> ' -> %SystemRoot%\System32\'
NY -> dwgmjjxr.dll -> %SystemRoot%\System32\dwgmjjxr.dll
NY -> dybxqehs.dll -> %SystemRoot%\System32\dybxqehs.dll
NY -> epoPGPsdk.dll -> %SystemRoot%\System32\epoPGPsdk.dll
NY -> epoPGPsdk.dll.sig -> %SystemRoot%\System32\epoPGPsdk.dll.sig
NY -> fkqatwuv.dll -> %SystemRoot%\System32\fkqatwuv.dll
NY -> gngsocrq.dll -> %SystemRoot%\System32\gngsocrq.dll
NY -> hckwxtcm.dll -> %SystemRoot%\System32\hckwxtcm.dll
NY -> hpvhflgq.dll -> %SystemRoot%\System32\hpvhflgq.dll
NY -> iuhiuvrn.ini -> %SystemRoot%\System32\iuhiuvrn.ini
NY -> jgeruvwx.dll -> %SystemRoot%\System32\jgeruvwx.dll
NY -> kljqsjkv.dll -> %SystemRoot%\System32\kljqsjkv.dll
NY -> kmllm.ini -> %SystemRoot%\System32\kmllm.ini
NY -> kmllm.ini2 -> %SystemRoot%\System32\kmllm.ini2
NY -> kwkvcuec.dll -> %SystemRoot%\System32\kwkvcuec.dll
NY -> ljyneknm.dll -> %SystemRoot%\System32\ljyneknm.dll
NY -> mbujhsnb.ini -> %SystemRoot%\System32\mbujhsnb.ini
NY -> mfdkdrbo.ini -> %SystemRoot%\System32\mfdkdrbo.ini
NY -> mnkenyjl.ini -> %SystemRoot%\System32\mnkenyjl.ini
NY -> neauyyuv.dll -> %SystemRoot%\System32\neauyyuv.dll
NY -> nxyqrnej.dll -> %SystemRoot%\System32\nxyqrnej.dll
NY -> obrdkdfm.dll -> %SystemRoot%\System32\obrdkdfm.dll
NY -> ocpnlpwq.dll -> %SystemRoot%\System32\ocpnlpwq.dll
NY -> peeungar.dll -> %SystemRoot%\System32\peeungar.dll
NY -> Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll
NY -> qwplnpco.ini -> %SystemRoot%\System32\qwplnpco.ini
NY -> ragnueep.ini -> %SystemRoot%\System32\ragnueep.ini
NY -> tfxmtqpo.dll1 -> %SystemRoot%\System32\tfxmtqpo.dll1
NY -> wbvfitsa.dll -> %SystemRoot%\System32\wbvfitsa.dll
NY -> xlvuqpvo.ini -> %SystemRoot%\System32\xlvuqpvo.ini
NY -> BMaf9e69cc.xml -> %SystemRoot%\BMaf9e69cc.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 90 days]
NY -> ' -> %SystemRoot%\System32\'
NY -> dwgmjjxr.dll -> %SystemRoot%\System32\dwgmjjxr.dll
NY -> dybxqehs.dll -> %SystemRoot%\System32\dybxqehs.dll
NY -> edeeg.ini -> %SystemRoot%\System32\edeeg.ini
NY -> edeeg.ini2 -> %SystemRoot%\System32\edeeg.ini2
NY -> fkqatwuv.dll -> %SystemRoot%\System32\fkqatwuv.dll
NY -> gngsocrq.dll -> %SystemRoot%\System32\gngsocrq.dll
NY -> hckwxtcm.dll -> %SystemRoot%\System32\hckwxtcm.dll
NY -> hpvhflgq.dll -> %SystemRoot%\System32\hpvhflgq.dll
NY -> iuhiuvrn.ini -> %SystemRoot%\System32\iuhiuvrn.ini
NY -> jgeruvwx.dll -> %SystemRoot%\System32\jgeruvwx.dll
NY -> kljqsjkv.dll -> %SystemRoot%\System32\kljqsjkv.dll
NY -> kmllm.ini -> %SystemRoot%\System32\kmllm.ini
NY -> kmllm.ini2 -> %SystemRoot%\System32\kmllm.ini2
NY -> kwkvcuec.dll -> %SystemRoot%\System32\kwkvcuec.dll
NY -> ljyneknm.dll -> %SystemRoot%\System32\ljyneknm.dll
NY -> mbujhsnb.ini -> %SystemRoot%\System32\mbujhsnb.ini
NY -> mfdkdrbo.ini -> %SystemRoot%\System32\mfdkdrbo.ini
NY -> mnkenyjl.ini -> %SystemRoot%\System32\mnkenyjl.ini
NY -> neauyyuv.dll -> %SystemRoot%\System32\neauyyuv.dll
NY -> nxyqrnej.dll -> %SystemRoot%\System32\nxyqrnej.dll
NY -> obrdkdfm.dll -> %SystemRoot%\System32\obrdkdfm.dll
NY -> ocpnlpwq.dll -> %SystemRoot%\System32\ocpnlpwq.dll
NY -> peeungar.dll -> %SystemRoot%\System32\peeungar.dll
NY -> qwplnpco.ini -> %SystemRoot%\System32\qwplnpco.ini
NY -> ragnueep.ini -> %SystemRoot%\System32\ragnueep.ini
NY -> tfxmtqpo.dll1 -> %SystemRoot%\System32\tfxmtqpo.dll1
NY -> wbvfitsa.dll -> %SystemRoot%\System32\wbvfitsa.dll
NY -> xlvuqpvo.ini -> %SystemRoot%\System32\xlvuqpvo.ini
NY -> BMaf9e69cc.xml -> %SystemRoot%\BMaf9e69cc.xml
NY -> GLF18.EXE -> C:\WINDOWS\Temp\GLF18.EXE
NY -> GLF1E7.EXE -> C:\WINDOWS\Temp\GLF1E7.EXE
NY -> GLF270.EXE -> C:\WINDOWS\Temp\GLF270.EXE
NY -> GLF2D4.EXE -> C:\WINDOWS\Temp\GLF2D4.EXE
NY -> GLFF.EXE -> C:\WINDOWS\Temp\GLFF.EXE
[Empty Temp Folders]
[Start Explorer]
[Reboot]
  • 0

#9
rtrice81

  • Topic Starter
  • Member
  • 25 posts
still didn't answer my question :) lol

i will run it when they aren't using the pc any longer

thanks
richie
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It is usually best if we don't get too technical on these matters

For example

NY

The N part means the registry entry is not being deleted, the Y part means the file is being deleted
  • 0
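
The reply above reads the two-letter prefix positionally: the first letter covers the registry entry, the second the file. As an added example (not part of the thread and not OTScanIt's own code), this Python check parses fix-script lines in that format and reports file deletions that hit a keep-list, such as the Startup .bat files raised in post #7. Reading YY and YN the same positional way as NY is an assumption, and the function names are hypothetical.

```python
import fnmatch
import ntpath
import re
from dataclasses import dataclass

# Sample lines copied from the fix scripts posted in this thread.
SAMPLE_SCRIPT = r"""
[Kill Explorer]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> acad5a50 -> %SystemRoot%\system32\ovpquvlx.DLL [rundll32.exe "C:\WINDOWS\system32\ovpquvlx.dll",b]
YY -> ~EmptyValue -> %AllUsersProfile%\Start Menu\Programs\Startup\nwdrive.bat
YY -> C:\WINDOWS\system32\mllmk.dll -> %SystemRoot%\system32\mllmk.dll
NY -> kmllm.ini -> %SystemRoot%\System32\kmllm.ini
[Reboot]
"""

# "<flag><flag> -> <name> -> <target>"; section headers and [directives] do not match.
ENTRY = re.compile(r"^([YN])([YN]) -> (.+?) -> (.+)$")

@dataclass
class Entry:
    remove_registry: bool  # first letter (assumed to apply to YY/YN as it does to NY)
    remove_file: bool      # second letter
    name: str
    target: str

    @property
    def file_path(self):
        # Drop the trailing "[...]" annotation some lines carry after the path.
        return re.sub(r"\s*\[.*\]$", "", self.target)

def parse_fix_script(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m[1] == "Y", m[2] == "Y", m[3], m[4]))
    return entries

def blocked_deletions(entries, keep_patterns):
    """Return paths the script would delete whose file name matches a keep pattern."""
    hits = []
    for e in entries:
        base = ntpath.basename(e.file_path).lower()
        if e.remove_file and any(fnmatch.fnmatchcase(base, p.lower()) for p in keep_patterns):
            hits.append(e.file_path)
    return hits

if __name__ == "__main__":
    for path in blocked_deletions(parse_fix_script(SAMPLE_SCRIPT), ["*.bat"]):
        print("would delete a kept file:", path)
```
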

#11
rtrice81

  • Topic Starter
  • Member
  • 25 posts
That's what I figured. I would like to become a tech on here one day, to help everyone out.
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
There is a sticky thread for doing the training here

Let me know how that goes
  • 0

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





