
RunDLL Exception,UMonitor


rigjunkie

Hi
Having come across Smonahan's problem in Topic 6650 and its successful resolution, I am submitting a very similar annoyance.

I'm getting a RUNDLL error message when I boot my laptop, similar to what others on this site have reported:

RUNDLL
An exception occurred while trying to run ""C:\windows\system32\<filename>", UMonitor. The error message is different each time, popping up when the internet is accessed.
Various pop-ups also occur, usually 1 of...
c.azjmp.com
c.qckjmp.com

In addition, my Recycle bin on the desktop is not functioning - files deleted are not stored even though the check box is ticked to disable automatic deletion. Since I run Norton Antivirus and Internet security, I used to have a Norton protected Recycle bin on the desktop but this is no longer present - but I can't say when or how this was removed.

I've run Ad-aware, Spybot, Hijackthis and Findit as per your advice on other postings and the logs are listed below:

Ad-Aware

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :10 January 2005 08:27:50
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


10-01-2005 08:27:50 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 10-01-2005 07:18:34
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:19:18
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:19:23
BasePriority : Normal
FileSize : 105 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:51
Last modified : 04/08/2004 07:56:55

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:19:23
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:51
Last modified : 04/08/2004 07:56:50

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:19:39
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:51
Last modified : 04/08/2004 07:56:57

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:19:42
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:51
Last modified : 04/08/2004 07:56:57

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:19:47
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:11:58
Last modified : 04/08/2004 07:56:57

#:8 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-01-2005 07:19:55
BasePriority : Normal
FileSize : 213 KB
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
OriginalFilename : ccProxy.exe
ProductName : Common Client
Created on : 07/01/2005 02:06:09
Last accessed : 10/01/2005 08:27:51
Last modified : 14/09/2004 21:02:22

#:9 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-01-2005 07:19:57
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 07/01/2005 02:04:03
Last accessed : 10/01/2005 08:27:51
Last modified : 14/09/2004 21:02:26

#:10 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:19:58
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 02/04/2004 20:50:07
Last accessed : 10/01/2005 08:27:51
Last modified : 13/12/1999 00:01:00

#:11 [activitydisk.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ThreadCreationTime : 10-01-2005 07:19:58
BasePriority : Normal
FileSize : 60 KB
FileVersion : 1, 7, 2, 0
ProductVersion : 1, 7, 2, 0
Copyright : Copyright
CompanyName : Iomega Corporation
FileDescription : ActivityDisk
InternalName : ActivityDisk
OriginalFilename : ActivityDisk.exe
ProductName : SmartSoft ActivityDisk
Created on : 20/09/2001 07:24:40
Last accessed : 10/01/2005 08:27:51
Last modified : 20/09/2001 07:23:18

#:12 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 10-01-2005 07:19:58
BasePriority : Normal
FileSize : 288 KB
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
Copyright : Copyright © Eastman Kodak Co. 2000-2003
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 18/06/2003 08:54:10
Last accessed : 10/01/2005 08:27:51
Last modified : 18/06/2003 08:54:10

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 10-01-2005 07:19:59
BasePriority : Normal
FileSize : 308 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 05/01/2002 07:00:38
Last accessed : 10/01/2005 08:27:51
Last modified : 05/01/2002 07:00:38

#:14 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 10-01-2005 07:19:59
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 07/01/2005 02:23:24
Last accessed : 10/01/2005 08:27:51
Last modified : 23/04/2004 11:04:18

#:15 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ThreadCreationTime : 10-01-2005 07:20:02
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 07/01/2005 02:06:03
Last accessed : 10/01/2005 08:27:51
Last modified : 04/12/2003 18:22:30

#:16 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:20:03
BasePriority : Normal
FileSize : 177 KB
Created on : 04/02/2003 07:22:30
Last accessed : 10/01/2005 08:27:51
Last modified : 04/02/2003 07:22:30

#:17 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-01-2005 07:20:04
BasePriority : Normal
FileSize : 201 KB
FileVersion : 5.4.3.11
ProductVersion : 5.4
Copyright : Copyright 2002, 2003, 2004 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
OriginalFilename : SndSrvc.exe
ProductName : Symantec Security Drivers
Created on : 15/10/2004 16:24:42
Last accessed : 10/01/2005 08:27:51
Last modified : 15/10/2004 16:24:42

#:18 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ThreadCreationTime : 10-01-2005 07:20:04
BasePriority : Normal
FileSize : 44 KB
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
Copyright : Copyright
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
OriginalFilename : SMAgent.exe
ProductName : SoundMAX service agent
Created on : 12/11/2003 16:19:11
Last accessed : 10/01/2005 08:27:51
Last modified : 20/09/2002 16:50:10

#:19 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 10-01-2005 07:20:09
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
Copyright : Copyright © 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 06/01/2005 06:48:43
Last accessed : 10/01/2005 08:27:52
Last modified : 06/01/2005 06:48:43

#:20 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:20:22
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft ® DRM
Created on : 01/05/2001 17:06:22
Last accessed : 10/01/2005 08:27:52
Last modified : 01/05/2001 17:06:22

#:21 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-01-2005 07:20:24
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 07/01/2005 02:04:02
Last accessed : 10/01/2005 08:17:36
Last modified : 14/09/2004 21:02:20

#:22 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ThreadCreationTime : 10-01-2005 07:20:27
BasePriority : Normal
FileSize : 309 KB
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
Copyright : Copyright © 1997-2004 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
OriginalFilename : SymWSC.exe
ProductName : Norton Security Center
Created on : 10/11/2004 04:30:12
Last accessed : 10/01/2005 08:27:52
Last modified : 02/11/2004 16:59:50

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-01-2005 07:22:29
BasePriority : Normal
FileSize : 1008 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:02:39
Last modified : 04/08/2004 07:56:49

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:22:50
BasePriority : Normal
FileSize : 15 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:52
Last modified : 04/08/2004 07:56:48

#:25 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 10-01-2005 07:23:26
BasePriority : Normal
FileSize : 156 KB
FileVersion : 5.3.10.177
ProductVersion : 5.3.10.177
Copyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
OriginalFilename : Apoint.exe
ProductName : Alps Pointing-device Driver
Created on : 08/10/2003 03:40:00
Last accessed : 10/01/2005 08:27:52
Last modified : 08/10/2003 03:40:00

#:26 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-01-2005 07:23:29
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
ProductVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 30/09/2003 18:31:52
Last accessed : 10/01/2005 08:27:52
Last modified : 30/09/2003 18:31:52

#:27 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ThreadCreationTime : 10-01-2005 07:23:34
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5043
ProductVersion : 6.14.10.5043
Copyright : Copyright © 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 12/11/2003 16:22:51
Last accessed : 10/01/2005 08:27:52
Last modified : 11/09/2003 21:10:00

#:28 [hpqcmon.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
ThreadCreationTime : 10-01-2005 07:23:35
BasePriority : Normal
FileSize : 88 KB
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
Copyright : Copyright © 2001
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
OriginalFilename : HpqCmon.EXE
ProductName : HpqCmon Application
Created on : 07/10/2002 00:23:20
Last accessed : 10/01/2005 08:27:52
Last modified : 07/10/2002 00:23:20

#:29 [eabservr.exe]
FilePath : C:\Program Files\HPQ\Quick Launch Buttons\
ThreadCreationTime : 10-01-2005 07:23:36
BasePriority : Normal
FileSize : 232 KB
FileVersion : 4, 20, 1, 5
ProductVersion : 4, 20, 1, 5
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
OriginalFilename : eabsrvr.exe
ProductName : Quick Launch Buttons
Created on : 12/11/2003 16:44:45
Last accessed : 10/01/2005 08:23:39
Last modified : 26/09/2003 09:04:16

#:30 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\
ThreadCreationTime : 10-01-2005 07:23:39
BasePriority : Normal
FileSize : 848 KB
FileVersion : 6.1.1.18
ProductVersion : 6.1.1.18
Copyright : Copyright © 1999-2003 Roxio, Inc.
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
OriginalFilename : BurnCtrl.EXE
ProductName : Drag-to-Disc
Created on : 18/07/2003 17:23:22
Last accessed : 10/01/2005 08:27:52
Last modified : 18/07/2003 17:23:22

#:31 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 10-01-2005 07:23:40
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
Copyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
OriginalFilename : ApntEx.exe
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
Created on : 08/10/2003 03:40:00
Last accessed : 10/01/2005 08:27:52
Last modified : 08/10/2003 03:40:00

#:32 [hpwuschd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ThreadCreationTime : 10-01-2005 07:23:45
BasePriority : Normal
FileSize : 48 KB
Created on : 17/12/2002 11:40:22
Last accessed : 10/01/2005 08:27:52
Last modified : 17/12/2002 11:40:22

#:33 [hphmon05.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:23:48
BasePriority : Normal
FileSize : 472 KB
FileVersion : 5,0,84
ProductVersion : 5,0,84
Copyright : Copyright © 2003
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
OriginalFilename : HPHmon05.exe
ProductName : HP Photosmart
Created on : 12/11/2003 16:49:30
Last accessed : 10/01/2005 08:27:53
Last modified : 22/05/2003 19:55:38

#:34 [imgicon.exe]
FilePath : C:\Program Files\Iomega\DriveIcons\
ThreadCreationTime : 10-01-2005 07:23:54
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6, 3, 0, 30
ProductVersion : 6, 3, 0, 30
Copyright : 6.3, Copyright
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
OriginalFilename : IMGICON.exe
ProductName : Iomega Corp. IMGICON 6.3
Created on : 06/06/2001 08:40:45
Last accessed : 10/01/2005 08:27:53
Last modified : 12/09/2001 10:35:31

#:35 [mm_tray.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ThreadCreationTime : 10-01-2005 07:23:56
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.1052
ProductVersion : 7.10.1052
Copyright : Copyright
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 30/03/2004 22:14:00
Last accessed : 10/01/2005 08:27:53
Last modified : 08/05/2004 20:28:20

#:36 [cm20.exe]
FilePath : C:\Program Files\RF Wireless Mouse\
ThreadCreationTime : 10-01-2005 07:23:58
BasePriority : Normal
FileSize : 60 KB
Created on : 03/04/2004 09:12:03
Last accessed : 10/01/2005 08:25:15
Last modified : 31/01/2002 09:59:02

#:37 [pd6000sm.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-01-2005 07:24:00
BasePriority : Normal
FileSize : 260 KB
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 0
CompanyName : Eastman Kodak Company
FileDescription : PD6000 PD4000 Status Monitor
OriginalFilename : PD6000SM.dll
ProductName : Kodak EasyShare Printer Dock
Created on : 16/06/2003 14:14:52
Last accessed : 10/01/2005 08:27:53
Last modified : 16/06/2003 14:14:52

#:38 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 10-01-2005 07:24:01
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 07/05/2004 17:24:09
Last accessed : 10/01/2005 08:27:53
Last modified : 07/05/2004 17:24:09

#:39 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 10-01-2005 07:24:02
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 12/05/2004 16:54:40
Last accessed : 10/01/2005 08:27:53
Last modified : 12/05/2004 16:54:40

#:40 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-01-2005 07:24:06
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 07/01/2005 02:04:02
Last accessed : 10/01/2005 07:28:05
Last modified : 14/09/2004 21:02:18

#:41 [ad2kclient.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ThreadCreationTime : 10-01-2005 07:24:07
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
Copyright : Copyright
CompanyName : Iomega Corporation
FileDescription : AD2KClient
InternalName : AD2KClient
OriginalFilename : AD2KClient.exe
ProductName : AD2KClient
Created on : 27/09/2001 08:15:44
Last accessed : 10/01/2005 08:27:53
Last modified : 13/09/2001 10:35:06

#:42 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ThreadCreationTime : 10-01-2005 07:24:12
BasePriority : Normal
FileSize : 212 KB
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
Copyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
OriginalFilename : AcroTray.exe
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
Created on : 15/05/2003 00:19:50
Last accessed : 10/01/2005 08:27:53
Last modified : 15/05/2003 00:19:50

#:43 [easyshare.exe]
FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\
ThreadCreationTime : 10-01-2005 07:24:15
BasePriority : Normal
FileSize : 600 KB
FileVersion : 2, 0, 9, 62
ProductVersion : 3, 2, 2, 6
Copyright : Copyright
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
OriginalFilename : EasyShare.exe
ProductName : Kodak EasyShare software
Created on : 18/09/2003 02:47:10
Last accessed : 10/01/2005 08:27:53
Last modified : 18/09/2003 02:47:10

#:44 [starupdater.exe]
FilePath : C:\Program Files\Star Alliance Timetable\
ThreadCreationTime : 10-01-2005 07:24:17
BasePriority : Normal
FileSize : 713 KB
FileVersion : 4.0.0.58
ProductVersion : 1.0.0.0
CompanyName : GoldenWare Travel Technologies
InternalName : AutoUpdate
Created on : 21/03/2003 09:00:00
Last accessed : 10/01/2005 08:27:53
Last modified : 21/03/2003 09:00:00

#:45 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 10-01-2005 07:24:17
BasePriority : Normal
FileSize : 24 KB
FileVersion : 7.02.0710.1
ProductVersion : 7.02.0710.1
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 10/07/2002 23:03:34
Last accessed : 10/01/2005 08:27:53
Last modified : 10/07/2002 23:03:34

#:46 [msoffice.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ThreadCreationTime : 10-01-2005 07:24:25
BasePriority : Normal
FileSize : 221 KB
FileVersion : 10.0.2609
ProductVersion : 10.0.2609
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office XP component
InternalName : MSOFFICE
OriginalFilename : MSOFFICE.EXE
ProductName : Microsoft Office XP
Created on : 12/02/2001 23:58:54
Last accessed : 10/01/2005 08:27:53
Last modified : 12/02/2001 23:58:54

#:47 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 10-01-2005 07:30:10
BasePriority : Normal
FileSize : 91 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:03:50
Last modified : 04/08/2004 07:56:50

#:48 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-01-2005 07:32:25
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 31/03/2003 02:00:00
Last accessed : 10/01/2005 08:27:54
Last modified : 04/08/2004 07:56:55

#:49 [acrobat.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
ThreadCreationTime : 10-01-2005 08:16:23
BasePriority : Normal
FileSize : 9968 KB
FileVersion : 6.0.0.2003051900
ProductVersion : 6.0.0.2003051900
Copyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat 6.0
OriginalFilename : acrobat.exe
ProductName : Adobe Acrobat
Created on : 19/05/2003 11:17:54
Last accessed : 10/01/2005 08:17:00
Last modified : 19/05/2003 11:17:54

#:50 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 10-01-2005 08:27:33
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 11/05/2004 13:07:27
Last accessed : 10/01/2005 08:27:33
Last modified : 12/07/2003 13:00:20

#:51 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 10-01-2005 08:27:38
BasePriority : Normal
FileSize : 1628 KB
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
Copyright : Copyright © Microsoft Corporation 2004
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 20/08/2002 17:08:38
Last accessed : 10/01/2005 08:27:38
Last modified : 04/08/2004 07:56:53

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : graham@gator[1].txt
Object : C:\Documents and Settings\Graham\Cookies\

Created on : 09/01/2005 03:07:01
Last accessed : 10/01/2005 08:31:07
Last modified : 09/01/2005 03:07:01



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Graham\Cookies\

Created on : 09/01/2005 00:09:18
Last accessed : 10/01/2005 08:31:07
Last modified : 09/01/2005 00:10:59



Tracking Cookie Object recognized!
Type : File
Data : graham@revenue[2].txt
Object : C:\Documents and Settings\Graham\Cookies\

Created on : 09/01/2005 03:06:58
Last accessed : 10/01/2005 08:31:07
Last modified : 09/01/2005 03:06:58


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 3


08:32:04 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:13:0
Objects scanned :58897
Objects identified :3
Objects ignored :0
New objects :3


====================================================

Spybot:


DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-629172487-2035032720-1458398780-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Common hijacker: Redirected host (Redirected host, fixed)
Common hijacker: Redirected host (Redirected host, fixed)
IGetNet: Redirected host (Redirected host, fixed)
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi

=====================================================


Findit:


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Graham\My Documents\GB\Software Downloads\finditnt2000xp\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 07:08 <DIR> dllcache
09/01/2005 23:02 225,352 r88slil718q.dll
09/01/2005 02:35 225,352 lvlq0935e.dll
08/01/2005 10:29 225,352 enjql1151.dll
07/01/2005 02:13 223,021 ktn6l75s1.dll
07/01/2005 00:53 225,352 ioctl.dll
06/01/2005 06:45 222,717 FK20.DLL
06/01/2005 06:37 223,473 roipxmib.dll
06/01/2005 05:17 222,717 mbswch.dll
05/01/2005 00:48 225,468 UTLMON.DLL
04/01/2005 01:51 225,172 sWfrcdlg.dll
02/01/2005 09:42 225,172 dwscript.dll
31/12/2004 10:07 223,795 kzdhe319.dll
31/12/2004 09:30 222,904 muxclu.dll
30/12/2004 06:15 225,463 ksdtuq.dll
17/12/2004 09:52 223,765 skvsvc.dll
16/12/2004 23:04 223,232 drmap.dll
13/11/2003 00:07 <DIR> Microsoft
21/03/2001 08:34 244,232 Msflxgrd.ocx
17 File(s) 3,832,539 bytes
2 Dir(s) 14,506,057,728 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 07:22 900 vsconfig.xml
10/01/2005 07:08 <DIR> dllcache
21/12/2004 09:53 4,212 zllictbl.dat
16/07/2003 13:08 488 WindowsLogon.manifest
16/07/2003 13:08 488 logonui.exe.manifest
16/07/2003 13:07 749 sapi.cpl.manifest
16/07/2003 13:07 749 nwc.cpl.manifest
16/07/2003 13:07 749 ncpa.cpl.manifest
16/07/2003 13:07 749 wuaucpl.cpl.manifest
16/07/2003 13:07 749 cdplayer.exe.manifest
9 File(s) 9,833 bytes
1 Dir(s) 14,506,041,344 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 07:32 225,352 guard.tmp
1 File(s) 225,352 bytes
0 Dir(s) 14,506,041,344 bytes free

------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 07:32 225,352 guard.tmp
31/03/2003 02:00 2,577 CONFIG.TMP
2 File(s) 227,929 bytes
0 Dir(s) 14,506,041,344 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AA87AC80-E08B-459A-A96F-FF5F5F2738B4}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvlq0935e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
drmap.dll Thu 16 Dec 2004 23:04:22 ..S.R 223,232 218.00 K
dwscript.dll Sun 2 Jan 2005 9:42:10 ..S.R 225,172 219.89 K
enjql1~1.dll Sat 8 Jan 2005 10:29:48 ..S.R 225,352 220.07 K
fk20.dll Thu 6 Jan 2005 6:45:20 ..S.R 222,717 217.50 K
ioctl.dll Fri 7 Jan 2005 0:53:52 ..S.R 225,352 220.07 K
ksdtuq.dll Thu 30 Dec 2004 6:15:06 ..S.R 225,463 220.18 K
ktn6l7~1.dll Fri 7 Jan 2005 2:13:48 ..S.R 223,021 217.79 K
kzdhe319.dll Fri 31 Dec 2004 10:07:18 ..S.R 223,795 218.55 K
lvlq09~1.dll Sun 9 Jan 2005 2:35:42 ..S.R 225,352 220.07 K
mbswch.dll Thu 6 Jan 2005 5:18:00 ..S.R 222,717 217.50 K
muxclu.dll Fri 31 Dec 2004 9:30:04 ..S.R 222,904 217.68 K
r88sli~1.dll Sun 9 Jan 2005 23:02:40 ..S.R 225,352 220.07 K
roipxmib.dll Thu 6 Jan 2005 6:37:06 ..S.R 223,473 218.23 K
skvsvc.dll Fri 17 Dec 2004 9:52:02 ..S.R 223,765 218.52 K
swfrcdlg.dll Tue 4 Jan 2005 1:51:16 ..S.R 225,172 219.89 K
utlmon.dll Wed 5 Jan 2005 0:48:42 ..S.R 225,468 220.18 K
vsconfig.xml Mon 10 Jan 2005 7:22:08 A..H. 900 0.88 K
zllictbl.dat Tue 21 Dec 2004 9:53:14 ...H. 4,212 4.11 K

18 items found: 18 files, 0 directories.
Total of file sizes: 3,593,419 bytes 3.43 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"MMTray"="C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe"
"Start RF Wireless Mouse"="C:\\Program Files\\RF Wireless Mouse\\cm20.exe"
"PD6000StatusMonitor"="C:\\WINDOWS\\System32\\PD6000SM.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"StarUpdater"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



======================================================
Hijackthis:




Logfile of HijackThis v1.99.0
Scan saved at 07:55:22, on 10/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Star Alliance Timetable\StarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Graham\My Documents\GB\Software Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qgb8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qgb8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons]

#2
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Welcome to GTG, rigjunkie.
  • Download finditnt2000xp.zip.
  • Unzip the contents of finditnt2000xp.zip to a convenient location.
  • Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
  • A command prompt will open and it will search your computer for malicious files.
  • Once it has finished, a Notepad window will pop up with output.txt.
  • Copy the entire contents of output.txt into your next post.


#3
rigjunkie

    New Member

  • Topic Starter
  • Member
  • 2 posts
Here is a new findit log -

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Graham\My Documents\GB\Software Downloads\finditnt2000xp\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 23:51 225,352 l88m0il1e8q.dll
10/01/2005 23:45 225,352 irr2l59o1.dll
10/01/2005 07:08 <DIR> dllcache
08/01/2005 10:29 225,352 enjql1151.dll
07/01/2005 02:13 223,021 ktn6l75s1.dll
07/01/2005 00:53 225,352 ioctl.dll
06/01/2005 06:45 222,717 FK20.DLL
06/01/2005 06:37 223,473 roipxmib.dll
06/01/2005 05:17 222,717 mbswch.dll
05/01/2005 00:48 225,468 UTLMON.DLL
04/01/2005 01:51 225,172 sWfrcdlg.dll
02/01/2005 09:42 225,172 dwscript.dll
31/12/2004 10:07 223,795 kzdhe319.dll
31/12/2004 09:30 222,904 muxclu.dll
30/12/2004 06:15 225,463 ksdtuq.dll
17/12/2004 09:52 223,765 skvsvc.dll
16/12/2004 23:04 223,232 drmap.dll
13/11/2003 00:07 <DIR> Microsoft
21/03/2001 08:34 244,232 Msflxgrd.ocx
17 File(s) 3,832,539 bytes
2 Dir(s) 14,549,774,336 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 23:54 900 vsconfig.xml
10/01/2005 07:08 <DIR> dllcache
21/12/2004 09:53 4,212 zllictbl.dat
16/07/2003 13:08 488 WindowsLogon.manifest
16/07/2003 13:08 488 logonui.exe.manifest
16/07/2003 13:07 749 sapi.cpl.manifest
16/07/2003 13:07 749 nwc.cpl.manifest
16/07/2003 13:07 749 ncpa.cpl.manifest
16/07/2003 13:07 749 wuaucpl.cpl.manifest
16/07/2003 13:07 749 cdplayer.exe.manifest
9 File(s) 9,833 bytes
1 Dir(s) 14,549,770,240 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 23:59 225,352 guard.tmp
1 File(s) 225,352 bytes
0 Dir(s) 14,549,753,856 bytes free

------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 150F-E755

Directory of C:\WINDOWS\System32

10/01/2005 23:59 225,352 guard.tmp
31/03/2003 02:00 2,577 CONFIG.TMP
2 File(s) 227,929 bytes
0 Dir(s) 14,549,753,856 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AA87AC80-E08B-459A-A96F-FF5F5F2738B4}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irr2l59o1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
drmap.dll Thu 16 Dec 2004 23:04:22 ..S.R 223,232 218.00 K
dwscript.dll Sun 2 Jan 2005 9:42:10 ..S.R 225,172 219.89 K
enjql1~1.dll Sat 8 Jan 2005 10:29:48 ..S.R 225,352 220.07 K
fk20.dll Thu 6 Jan 2005 6:45:20 ..S.R 222,717 217.50 K
ioctl.dll Fri 7 Jan 2005 0:53:52 ..S.R 225,352 220.07 K
irr2l5~1.dll Mon 10 Jan 2005 23:45:10 ..S.R 225,352 220.07 K
ksdtuq.dll Thu 30 Dec 2004 6:15:06 ..S.R 225,463 220.18 K
ktn6l7~1.dll Fri 7 Jan 2005 2:13:48 ..S.R 223,021 217.79 K
kzdhe319.dll Fri 31 Dec 2004 10:07:18 ..S.R 223,795 218.55 K
l88m0i~1.dll Mon 10 Jan 2005 23:51:58 ..S.R 225,352 220.07 K
mbswch.dll Thu 6 Jan 2005 5:18:00 ..S.R 222,717 217.50 K
muxclu.dll Fri 31 Dec 2004 9:30:04 ..S.R 222,904 217.68 K
roipxmib.dll Thu 6 Jan 2005 6:37:06 ..S.R 223,473 218.23 K
skvsvc.dll Fri 17 Dec 2004 9:52:02 ..S.R 223,765 218.52 K
swfrcdlg.dll Tue 4 Jan 2005 1:51:16 ..S.R 225,172 219.89 K
utlmon.dll Wed 5 Jan 2005 0:48:42 ..S.R 225,468 220.18 K
vsconfig.xml Mon 10 Jan 2005 23:54:56 A..H. 900 0.88 K
zllictbl.dat Tue 21 Dec 2004 9:53:14 ...H. 4,212 4.11 K

18 items found: 18 files, 0 directories.
Total of file sizes: 3,593,419 bytes 3.43 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"MMTray"="C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe"
"Start RF Wireless Mouse"="C:\\Program Files\\RF Wireless Mouse\\cm20.exe"
"PD6000StatusMonitor"="C:\\WINDOWS\\System32\\PD6000SM.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"StarUpdater"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


