Solved

winlogon app error - HijackThis log

Posted on 2007-11-28
3,577 Views
Last Modified: 2013-12-06
We have an error that we can't seem to get rid of: a winlogon.exe application error. The logon box pops up the minute the machine is booted with this message box. If you click OK or Cancel, you get a blue screen with a C000021 fatal system error screen.
We have reimaged a few times; it comes back. It's somewhere in the system and I am trying to get rid of it.
I have run the following:
Panda online scan - 10 spyware items found
ATF Cleaner
AVG Anti-Spyware
Vundo - which I thought is what I had...
Nothing - still get the winlogon error.

Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:57:48 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\fgc\cs\fgccsrt.exe
c:\fgc\fgcrepl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NETSUP~1\runplugin.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\fgc\cs\cstray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.0.25/LLR/menu/MBMSSRPP081501.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\fgc\SmChk.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CSTray] c:\fgc\cs\cstray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147203668593
O16 - DPF: {8C54B46F-89AF-4524-8BC7-6EF47C7639C7} (CQuickSetup Object) - https://ctdata.ctresc.org/ease-e/SetupControl.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DAE29B6-0E05-4A4E-AD1C-AA240110E1C6}: NameServer = 172.16.1.16,159.247.233.2,159.247.233.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DAE29B6-0E05-4A4E-AD1C-AA240110E1C6}: NameServer = 172.16.1.16,159.247.233.2,159.247.233.18
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Fortres Clean Slate Runtime (fgccsrt) - Fortres Grand Corporation - c:\fgc\cs\fgccsrt.exe
O23 - Service: FGC Replication (fgcrepl) - Fortres Grand Corporation - c:\fgc\fgcrepl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Symantec Ghost Client Agent (ngclient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

0
Question by:jaw1971
13 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20369752
I can't see any nasty entries in your HijackThis log, but of course that doesn't guarantee a clean system, because a lot of nasties can hide from a HijackThis scan.

Though you do have a lot of programs there that use the winlogon\notify key. Fortres Clean Slate is also active before logon. It could be a software incompatibility issue.
Some users have encountered problems with AVG Anti-Spyware using high CPU at boot up; you can try uninstalling that and see if that's the cause.
It could also be caused by other programs like Fortres Clean Slate. Can you remember exactly when the winlogon error started? You might have to do the tedious job of troubleshooting just what app is causing the error.

You could also try running other scanners to find hidden nasties etc.
If you like, we can try ComboFix.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Upload the log at EE-Stuff.com for us to check, please.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
0
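A way to pull the logon-path entries the expert is pointing at (the O20 Winlogon Notify DLLs, the F2 UserInit chain, and anything HijackThis marks as missing) out of a log mechanically, as an added example in Python that is not part of this thread or of HijackThis itself. The sample lines are copied from the log posted above; the section codes and the stock UserInit value are standard HijackThis/Windows XP conventions, and the function names are this example's own.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis v1.99.1
# log posted in the question above (header and process lines included to
# show that the parser ignores them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\fgc\SmChk.exe,
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# One HijackThis entry: a section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def userinit_extras(entries):
    """Return every program chained after the stock userinit.exe in the F2 UserInit value.
    Anything listed there runs at each logon before the shell; in the log above the
    extra item is c:\\fgc\\SmChk.exe, which the thread attributes to Fortres Clean Slate."""
    extras = []
    for section, body in entries:
        if section != "F2" or "UserInit=" not in body:
            continue
        value = body.split("UserInit=", 1)[1]
        for item in value.split(","):
            item = item.strip()
            # the stock entry is <SystemRoot>\system32\userinit.exe; keep everything else
            if item and not item.lower().endswith(r"\system32\userinit.exe"):
                extras.append(item)
    return extras


def winlogon_notify(entries):
    """Return (package name, DLL path) for each O20 Winlogon Notify entry.
    These DLLs are loaded into winlogon.exe itself, so a faulty one can break logon."""
    prefix = "Winlogon Notify: "
    packages = []
    for section, body in entries:
        if section == "O20" and body.startswith(prefix):
            name, _, dll = body[len(prefix):].partition(" - ")
            packages.append((name, dll))
    return packages


def dangling_entries(entries):
    """Return entries whose target HijackThis could not find ('(no file)' / '(file missing)')."""
    return [(s, b) for s, b in entries
            if b.endswith("(no file)") or b.endswith("(file missing)")]


def triage(text):
    """Summarise the logon-path items of a HijackThis log in one dictionary."""
    entries = parse_hjt(text)
    return {
        "userinit_extras": userinit_extras(entries),
        "winlogon_notify": winlogon_notify(entries),
        "dangling": dangling_entries(entries),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the full log, the script lists the four notification packages the expert mentions, the one non-stock UserInit entry, and the two orphaned entries (the Yahoo! Toolbar hook and the Office Research button). None of that is evidence of malware on its own; it is the short list a reviewer checks by hand before suspecting software incompatibility.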
 
LVL 1

Author Comment

by:jaw1971
ID: 20370774
Thanks for your response; I will do this first thing tomorrow morning when I get in.
We had NOT installed a new version of Clean Slate when this occurred. I will, though, have a discussion with my team to see what may have caused the issue.
Thanks
0
 
LVL 1

Author Comment

by:jaw1971
ID: 20373854
0
 
LVL 1

Author Comment

by:jaw1971
ID: 20375889
rpggamergirl, I noticed your name attached to an issue that sounds almost identical to this one.
It was posted by dwayne1985 in Dec of 2006.
I will try to follow what you have there until I hear back from you on my logs!
Thanks
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20381309
I looked at Dwayne1985's question and he had Vundo and ConHook, which explained the winlogon problem he had.

I had a quick look at your log and I didn't see any Vundo or ConHook entries. Do you recognize the files in the log? I haven't checked them thoroughly.
How about this file, do you recognize it? No info when I googled it --> C:\FGCDIR


Let's try running another tool to see if it catches any nasties that ComboFix didn't list. No harm doing it; unlike ComboFix, WinPFind does not remove any files, it will just show us a logfile.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
* In the 'Files Created Within' group click 30 days
* In the 'Files Modified Within' group select 30 days
* In the 'File String Search' group select Non-Microsoft
* In the 'Drivers Services' group select Non-Microsoft
* In the 'Additional Scans' group select 'Desktop Components'

Now click the "Run Scan" button on the toolbar.
When the scan is complete, Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Word Wrap is not checked.
If it is, then click on it to uncheck it.
You can just attach the log file using "Attach Code Snippet".

0
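WinPFind3U's services and driver sections, in the format shown in the report the author posts further down the thread, can be screened the same way. The script below is an added example, not part of this thread or of WinPFind; it parses the "(key) display [type | start | state] -> path -> detail" lines, with sample lines copied from that report, and flags entries WinPFind reports as "File not found", auto-start entries whose file is missing, and anything registered to load from a Temp folder. The function and flag names are this example's own.

```python
import re

# Constructed sample: lines copied from the WinPFind3U report posted later in
# the thread, one section header kept to show that it is ignored.
SAMPLE_REPORT = r"""
[Win32 Services - Non-Microsoft Only]
(fgccsrt) Fortres Clean Slate Runtime [Win32_Own | Auto | Stopped] -> %SystemDrive%\fgc\cs\fgccsrt.exe -> File not found
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr =    ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\techsup\LOCALS~1\Temp\catchme.sys -> File not found
"""

# Head of a WinPFind entry: "(registry key) display name [type | start | state]".
# The key may itself contain parentheses, so the match is greedy and anchored.
HEAD = re.compile(
    r"^\((?P<key>.*)\) (?P<display>.*) "
    r"\[(?P<type>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]$"
)

# Start types that make Windows try to load the entry without user action.
AUTO_STARTS = {"Auto", "Boot", "System"}


def parse_winpfind_entry(line):
    """Parse one service/driver line into a dict, or return None for any other line."""
    parts = line.strip().split(" -> ")
    if len(parts) != 3:
        return None
    m = HEAD.match(parts[0])
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = parts[1]      # may be empty when the registry holds no image path
    entry["detail"] = parts[2]    # vendor + version block, or "File not found"
    return entry


def flag_entry(entry):
    """Return the review flags that apply to one parsed entry (empty list = nothing notable)."""
    flags = []
    if entry["detail"] == "File not found":
        flags.append("missing-file")
        if entry["start"] in AUTO_STARTS:
            # registered to start on its own, yet the binary is gone: worth a manual look
            flags.append("autostart-missing")
    if "\\temp\\" in entry["path"].lower():
        # drivers or services loading from a temp directory are unusual for installed software
        flags.append("temp-path")
    return flags


def triage_winpfind(text):
    """Map each flagged entry's registry key to its flags; clean entries are left out."""
    findings = {}
    for line in text.splitlines():
        entry = parse_winpfind_entry(line)
        if entry is None:
            continue
        flags = flag_entry(entry)
        if flags:
            findings[entry["key"]] = flags
    return findings


if __name__ == "__main__":
    for key, flags in triage_winpfind(SAMPLE_REPORT).items():
        print(f"{key}: {', '.join(flags)}")
```

On the sample this reports the two kinds of entry worth a second look in the author's report: fgccsrt (and, in the full report, fgcrepl) are registered to auto-start but their files are reported missing, and catchme is registered from the user's Temp folder. catchme.sys is the driver of the catchme rootkit scanner bundled with ComboFix, so a dangling entry after the ComboFix run suggested earlier is an expected leftover rather than a finding; the Fortres discrepancy is the sort of thing to verify on the machine instead of trusting either tool alone. The stale Disabled entries such as Abiosdsk are ordinary Windows XP residue and only carry the missing-file flag.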
 
LVL 1

Author Comment

by:jaw1971
ID: 20381765
That directory is Fortres Clean Slate. I have that same directory on machines that do not have this issue.
Thank you for taking the time to look at this...
I am running that application now and will post soon.
0

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20381783
It's midnight here where I am.... I'll check back first thing tomorrow, thanks.
0
 
LVL 1

Author Comment

by:jaw1971
ID: 20384723
The process would freeze up on me. I am running it now in safe mode, but all day I kept restarting it and it would stop while scanning Windows services.
0
 
LVL 1

Author Comment

by:jaw1971
ID: 20384864
FINALLY, running it in safe mode produced a text file.
Here ya go!

WinPFind3 logfile created on: 11/30/2007 2:41:43 PM

WinPFind3U by OldTimer - Version 1.0.44	Folder = C:\Documents and Settings\techsup\Desktop\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

1015.43 Mb Total Physical Memory | 815.49 Mb Available Physical Memory | 80.31% Memory free

2.39 Gb Paging File | 2.29 Gb Available in Paging File | 95.77% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.27 Gb Total Space | 23.62 Gb Free Space | 63.39% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded
 

Computer Name: MBLIB009

Current User Name: techsup

Logged in as Administrator.

Cannot determine boot mode.
 
 

[Processes - Non-Microsoft Only]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr =    ]
 

[Win32 Services - Non-Microsoft Only]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]

(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 192160 bytes | Modified Date = 3/7/2006 12:02:34 PM | Attr =    ]

(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 169632 bytes | Modified Date = 3/7/2006 12:03:02 PM | Attr =    ]

(Client32) Client32 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NetSupport School\client32.exe -> NetSupport Ltd [Ver = V9.60 | Size = 16447 bytes | Modified Date = 6/30/2006 2:06:46 PM | Attr =    ]

(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 28672 bytes | Modified Date = 8/11/2006 2:51:04 PM | Attr =    ]

(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 30448 bytes | Modified Date = 3/17/2006 5:34:12 AM | Attr =    ]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(fgccsrt) Fortres Clean Slate Runtime [Win32_Own | Auto | Stopped] -> %SystemDrive%\fgc\cs\fgccsrt.exe -> File not found

(fgcrepl) FGC Replication [Win32_Own | Auto | Stopped] -> %SystemDrive%\fgc\fgcrepl.exe -> File not found

(FSRT) Fortres Security Runtime [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe -> Fortres Grand Corporation [Ver = 6, 1, 0, 2 | Size = 709440 bytes | Modified Date = 8/6/2007 2:40:08 PM | Attr =    ]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =    ]

(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 3:23:58 PM | Attr =    ]

(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 10:41:04 AM | Attr =    ]

(NALNTSERVICE) Novell Application Launcher [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Novell\ZENworks\NALNTSRV.EXE -> Novell, Inc. [Ver = 7.0.0.0 | Size = 112128 bytes | Modified Date = 8/4/2005 3:08:04 PM | Attr =    ]

(ngclient) Symantec Ghost Client Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\Ghost\ngctw32.exe -> Symantec Corporation [Ver = 11.0.1.1533 | Size = 632456 bytes | Modified Date = 4/19/2007 8:01:38 PM | Attr =    ]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\spool\drivers\w32x86\3\HPZIPM12.EXE -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 4/29/2005 9:44:06 PM | Attr =    ]

(Remote Management Agent) Novell ZENworks Remote Management Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -> Novell, Inc. [Ver = 7, 0, 0, 0 | Size = 163840 bytes | Modified Date = 7/11/2005 10:33:32 AM | Attr =    ]

(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.0.394 | Size = 115952 bytes | Modified Date = 3/17/2006 5:34:24 AM | Attr =    ]

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 1/24/2006 7:06:58 PM | Attr =    ]

(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr =    ]

(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.5 | Size = 1160848 bytes | Modified Date = 2/6/2006 11:50:24 AM | Attr =    ]

(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 1799408 bytes | Modified Date = 3/17/2006 5:34:20 AM | Attr =    ]

(XTAgent) Novell XTier Agent Services [Win32_Own | Auto | Stopped] -> %System32%\novell\xtagent.exe -> Novell, Inc. [Ver = 1.2.3.1 | Size = 61440 bytes | Modified Date = 1/10/2005 12:36:52 PM | Attr =    ]

(ZFDWM) Workstation Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Novell\ZENworks\WM.EXE -> Novell, Inc. [Ver = v7.0.0 (20050524) | Size = 149024 bytes | Modified Date = 8/1/2005 2:01:44 PM | Attr =    ]
 

[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 2:20:04 AM | Attr =    ]

(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %System32%\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 1.0.000.000 built by: WinDDK | Size = 105472 bytes | Modified Date = 5/8/2002 1:44:42 PM | Attr =    ]

(aeaudio) aeaudio [Kernel | On_Demand | Stopped] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.36 | Size = 100384 bytes | Modified Date = 10/23/2003 6:17:10 AM | Attr =    ]

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]

(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =    ]

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.73.0.0 built by: WinDDK | Size = 186112 bytes | Modified Date = 4/29/2004 1:55:42 PM | Attr = R  ]

(BlankScr) HBDevice [Kernel | Auto | Stopped] -> %System32%\drivers\blankscr.sys -> Novell Inc. [Ver = 7, 0, 0, 0 | Size = 6899 bytes | Modified Date = 5/23/2005 1:47:18 PM | Attr =    ]

(Blfp) Broadcom Advanced Server Program Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\baspxp32.sys -> Broadcom Corporation [Ver = 6.0.9 built by: WinDDK | Size = 51584 bytes | Modified Date = 2/4/2004 2:34:16 PM | Attr =    ]

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\techsup\LOCALS~1\Temp\catchme.sys -> File not found

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\drivers\cdr4_xp.sys -> Roxio [Ver = 6.1.1.8  | Size = 66992 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\drivers\cdralw2k.sys -> Roxio [Ver = 6.1.1.8  | Size = 24698 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\drivers\Cdudf_xp.sys -> Roxio [Ver = 6.1.1.8  built by: WinDDK | Size = 259328 bytes | Modified Date = 6/26/2003 11:21:22 PM | Attr =    ]

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(Darpan) Darpan [Kernel | On_Demand | Stopped] -> %System32%\drivers\Darpan.sys -> Novell, Inc. [Ver = 7.0.0.0 | Size = 2773 bytes | Modified Date = 5/23/2005 1:11:14 PM | Attr =    ]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dvd_2k.sys -> Roxio [Ver = 6.1.1.8  | Size = 21993 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 2:12:10 AM | Attr =    ]

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Stopped] -> %CommonProgramFiles%\Symantec Shared\eengine\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 4/10/2007 10:29:40 AM | Attr =    ]

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\eengine\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 4/10/2007 10:29:40 AM | Attr =    ]

(fgccow) fgccow [File_System | Auto | Stopped] -> %ProgramFiles%\Fortres Grand\Clean Slate 5.0\fgccow.sys -> Fortres Grand Corporation [Ver = 5, 0, 0, 3005 | Size = 209728 bytes | Modified Date = 8/6/2007 4:36:46 PM | Attr =    ]

(gdihook5) gdihook5 [Kernel | On_Demand | Stopped] -> %System32%\drivers\gdihook5.sys -> NetSupport Ltd [Ver = V9.60 | Size = 24633 bytes | Modified Date = 6/30/2006 2:06:28 PM | Attr =    ]

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr =    ]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\drivers\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/3/2004 12:29:38 PM | Attr =    ]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/3/2004 12:29:38 PM | Attr =    ]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV02NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/3/2004 12:29:38 PM | Attr =    ]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV05NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/3/2004 12:29:38 PM | Attr =    ]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wSiINTxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/3/2004 12:29:48 PM | Attr =    ]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wVchNTxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/3/2004 12:29:50 PM | Attr =    ]

(iAimFP5) iAimFP5 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Modified Date = 8/3/2004 12:29:40 PM | Attr =    ]

(iAimFP6) iAimFP6 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV08NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Modified Date = 8/3/2004 12:29:40 PM | Attr =    ]

(iAimFP7) iAimFP7 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wADV09NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Modified Date = 8/3/2004 12:29:42 PM | Attr =    ]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wATV01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/3/2004 12:29:42 PM | Attr =    ]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wATV02NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/3/2004 12:29:44 PM | Attr =    ]

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wATV04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/3/2004 12:29:44 PM | Attr =    ]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wCh7xxNT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/3/2004 12:29:46 PM | Attr =    ]

(iAimTV5) iAimTV5 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wATV10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Modified Date = 8/3/2004 12:29:46 PM | Attr =    ]

(iAimTV6) iAimTV6 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wATV06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Modified Date = 8/3/2004 12:29:46 PM | Attr =    ]

(ialm) ialm [Kernel | On_Demand | Stopped] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4396 | Size = 1302332 bytes | Modified Date = 9/20/2005 9:00:54 AM | Attr =    ]

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %System32%\drivers\Mmc_2k.sys -> Roxio [Ver = 6.1.1.8  | Size = 22745 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070723.018\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.0.24 | Size = 81232 bytes | Modified Date = 7/23/2007 3:00:00 AM | Attr =    ]

(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070723.018\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.0.24 | Size = 865904 bytes | Modified Date = 7/23/2007 3:00:00 AM | Attr =    ]

(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Stopped] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.3.1 | Size = 506159 bytes | Modified Date = 11/9/2006 9:38:22 AM | Attr =    ]

(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.4 | Size = 38416 bytes | Modified Date = 3/3/2006 4:50:48 PM | Attr =    ]

(nipplpt2) Novell iCapture Lpt Redirector 2 [Kernel | System | Stopped] -> %System32%\drivers\nipplpt.sys ->  [Ver =  | Size = 34671 bytes | Modified Date = 10/24/2005 11:27:36 AM | Attr =    ]

(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Stopped] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.3.0 | Size = 18353 bytes | Modified Date = 11/22/2005 9:51:22 AM | Attr =    ]

(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.3.1 | Size = 43280 bytes | Modified Date = 9/25/2006 11:44:52 AM | Attr =    ]

(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 5:14:00 PM | Attr =    ]

(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 12:12:18 PM | Attr =    ]

(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys ->  [Ver =  | Size = 23232 bytes | Modified Date = 2/26/2003 1:51:18 PM | Attr =    ]

(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 3:15:14 PM | Attr =    ]

(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 1:51:38 PM | Attr =    ]

(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 12:11:32 PM | Attr =    ]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PCISys) PCISys [Kernel | System | Stopped] -> %System32%\drivers\pcisys.old -> NetSupport Ltd [Ver = V9.60D | Size = 32823 bytes | Modified Date = 6/30/2006 4:06:28 PM | Attr =    ]

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\drivers\pwd_2K.sys -> Roxio [Ver = 6.1.1.8  | Size = 118409 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/18/2006 5:34:56 PM | Attr =    ]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Stopped] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 5:19:34 PM | Attr =    ]

(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr =    ]

(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R  ]

(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr =    ]

(SAVRT) SAVRT [Kernel | System | Stopped] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.1.4 | Size = 337592 bytes | Modified Date = 12/19/2005 7:41:56 PM | Attr =    ]

(SAVRTPEL) SAVRTPEL [Kernel | System | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.1.4 | Size = 54968 bytes | Modified Date = 12/19/2005 7:41:58 PM | Attr =    ]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(smwdm) smwdm [Kernel | On_Demand | Stopped] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.4070 | Size = 612416 bytes | Modified Date = 4/15/2004 2:20:36 PM | Attr =    ]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.5 | Size = 389776 bytes | Modified Date = 2/6/2006 11:50:22 AM | Attr =    ]

(SRVLOC) Novell Service Location [File_System | Auto | Stopped] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.3.0 | Size = 160209 bytes | Modified Date = 9/25/2006 8:54:54 AM | Attr =    ]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 AM | Attr =    ]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 AM | Attr =    ]

(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.2.1 | Size = 107696 bytes | Modified Date = 1/31/2006 12:29:20 PM | Attr =    ]

(Symmpi) Symmpi [Kernel | Disabled | Stopped] -> %System32%\drivers\symmpi.sys -> LSI Logic [Ver = SYMMPI-1.08.00 built by: dprill | Size = 28416 bytes | Modified Date = 4/4/2002 1:32:06 AM | Attr = R  ]

(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 24768 bytes | Modified Date = 1/24/2006 7:06:32 PM | Attr =    ]

(SYMTDI) SYMTDI [Kernel | System | Stopped] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 195776 bytes | Modified Date = 1/24/2006 7:06:36 PM | Attr =    ]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 AM | Attr =    ]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 AM | Attr =    ]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\drivers\UdfReadr_xp.sys -> Roxio [Ver = 6.1.1.8  built by: WinDDK | Size = 213120 bytes | Modified Date = 6/26/2003 11:21:24 PM | Attr =    ]

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 10:46:24 PM | Attr =    ]

ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 53408 bytes | Modified Date = 3/7/2006 12:02:14 PM | Attr =    ]

CSTray -> %ProgramFiles%\Fortres Grand\Clean Slate 5.0\cstray.exe -> Fortres Grand Corporation [Ver = 5, 0, 0, 3005 | Size = 279360 bytes | Modified Date = 8/6/2007 4:36:38 PM | Attr =    ]

FSRT -> %ProgramFiles%\Fortres Grand\Fortres Security Runtime 6.0\fsrtu.exe -> Fortres Grand Corporation [Ver = 6, 1, 0, 2 | Size = 250688 bytes | Modified Date = 8/6/2007 2:39:54 PM | Attr =    ]

igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 8:32:24 AM | Attr =    ]

igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 8:36:20 AM | Attr =    ]

igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 8:35:40 AM | Attr =    ]

iPrint Tray -> %System32%\iprntctl.exe -> Novell, Inc. [Ver = 4,1,5,0 | Size = 40960 bytes | Modified Date = 10/24/2005 11:32:36 AM | Attr =    ]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 3:24:14 PM | Attr =    ]

NGTray -> %ProgramFiles%\Symantec\Ghost\ngtray.exe -> Symantec Corporation [Ver = 11.0.1.1533 | Size = 181896 bytes | Modified Date = 4/19/2007 8:01:40 PM | Attr =    ]

NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 1:37:28 PM | Attr =    ]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr =    ]

RoxioDragToDisc -> %ProgramFiles%\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe -> Roxio [Ver = 6.1.1.8  | Size = 868352 bytes | Modified Date = 6/26/2003 11:21:22 PM | Attr =    ]

RoxioEngineUtility -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe -> Roxio [Ver = 6.1.0.7 | Size = 65536 bytes | Modified Date = 5/1/2003 5:44:50 PM | Attr =    ]

SetRefresh -> %ProgramFiles%\Compaq\SetRefresh\SetRefresh.exe -> Hewlett-Packard Company [Ver = 1.2.1.3 | Size = 525824 bytes | Modified Date = 11/20/2003 1:01:08 PM | Attr =    ]

smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 18, 0 | Size = 143360 bytes | Modified Date = 7/30/2003 12:08:58 PM | Attr =    ]

UserFaultCheck ->  -> File not found

vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 124656 bytes | Modified Date = 3/17/2006 5:34:30 AM | Attr =    ]

ZENRC Tray Icon -> %System32%\zentray.exe -> Novell, Inc. [Ver = 7, 0, 0, 0 | Size = 40960 bytes | Modified Date = 5/18/2005 4:04:00 PM | Attr =    ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL -> Installed = 1 -> 

MAPI -> Installed = 1 -> 

MSFS -> Installed = 1 -> 

< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr =    ]

%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr =    ]

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr =    ]

{763370C4-268E-4308-A60C-D8DA0342BE32} [HKLM] -> %ProgramFiles%\Novell\ZENworks\NalShell.dll [] -> Novell, Inc [Ver = 7.0.0.0 | Size = 417792 bytes | Modified Date = 8/4/2005 3:07:44 PM | Attr =    ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> 

ziswin.exe -> %System32%\ZISWIN.EXE -> Novell [Ver = 7, 0, 0, 0 | Size = 192512 bytes | Modified Date = 8/1/2005 2:15:02 PM | Attr =    ]

*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> 

NWGina.dll -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20061106) | Size = 372817 bytes | Modified Date = 10/6/2006 9:33:50 AM | Attr =    ]

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr =    ]

igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 8:31:28 AM | Attr =    ]

NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.0.394 | Size = 43760 bytes | Modified Date = 3/17/2006 5:34:36 AM | Attr =    ]

NetIdentity Notification -> %System32%\novell\xtnotify.dll -> Novell, Inc. [Ver = 1.2.3 | Size = 24576 bytes | Modified Date = 1/10/2005 12:36:58 PM | Attr =    ]

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLastUserName -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LegalNoticeText ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ShutdownWithoutLogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\UndockWithoutLogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  -> 

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  -> 

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

127.0.0.1       localhost ->  -> 

< Internet Explorer Settings > ->  -> 

HKLM: Default_Page_URL -> http://www.yahoo.com -> 

HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> 

HKLM: Search Bar -> http://go.compaq.com/1Q00CDT/0409/bl8.asp -> 

HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKLM: Start Page -> http://www.yahoo.com -> 

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKCU: Start Page -> http://172.16.0.25/LLR/menu/MBMSSRPP081501.htm -> 

HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found

HKCU: ProxyEnable -> 0 -> 

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

msn.com [ - ] ->  -> 

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found

{C1994287-422F-47aa-8E5E-6323E210A125} -> Reg Data - Value does not exist [ButtonText: Novell delivered applications] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&Google Search -> %ProgramFiles%\google\GoogleToolbar2.dll\cmsearch.htm -> File not found

&Translate English Word -> %ProgramFiles%\google\GoogleToolbar2.dll\cmwordtrans.htm -> File not found

Backward Links -> %ProgramFiles%\google\GoogleToolbar2.dll\cmbacklinks.htm -> File not found

Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar2.dll\cmcache.htm -> File not found

E&xport to Microsoft Excel ->  -> File not found

Similar Pages -> %ProgramFiles%\google\GoogleToolbar2.dll\cmsimilar.htm -> File not found

Translate Page into English -> %ProgramFiles%\google\GoogleToolbar2.dll\cmtrans.htm -> File not found

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{6DAE29B6-0E05-4A4E-AD1C-AA240110E1C6} -> 172.16.1.16,159.247.233.2,159.247.233.18   (Broadcom NetXtreme Gigabit Ethernet) -> 

< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 1/30/2006 3:40:26 PM | Attr =    ]

NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 3:24:08 PM | Attr =    ]

NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 1/30/2006 3:40:28 PM | Attr =    ]

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab -> 

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147203668593 -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab -> 

{8C54B46F-89AF-4524-8BC7-6EF47C7639C7} -> CQuickSetup Object - CodeBase = https://ctdata.ctresc.org/ease-e/SetupControl.dll -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -> 

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> 

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> 
 
 

[Registry - Additional Scans - Non-Microsoft Only]

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 

0 -> [Key] -> 

0 -> FriendlyName = My Current Home Page -> 

0 -> Source = About:Home -> 

0 -> SubscribedURL = About:Home -> 
 
 

[Files/Folders - Created Within 30 days]

CHICKA -> %SystemDrive%\CHICKA ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 11/29/2007 9:34:52 AM | Attr =    ]

FGCDIR -> %SystemDrive%\FGCDIR ->  [Folder | Created Date = 11/30/2007 2:30:20 PM | Attr =    ]

KA -> %SystemDrive%\KA ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

qoobox -> %SystemDrive%\qoobox ->  [Folder | Created Date = 11/29/2007 9:35:28 AM | Attr =    ]

SCICON -> %SystemDrive%\SCICON ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

TLCWIN -> %SystemDrive%\TLCWIN ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

TTL3HOME -> %SystemDrive%\TTL3HOME ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

VIAVOICE -> %SystemDrive%\VIAVOICE ->  [Folder | Created Date = 11/14/2007 12:11:11 PM | Attr =    ]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 11/28/2007 10:46:10 AM | Attr =    ]

catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 136704 bytes | Created Date = 11/29/2007 9:35:06 AM | Attr =    ]

erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 11/29/2007 9:38:20 AM | Attr =    ]

NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/29/2007 9:35:06 AM | Attr =    ]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 11/29/2007 9:38:55 AM | Attr =    ]

ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 11/27/2007 1:47:47 PM | Attr =    ]

asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 11/27/2007 1:48:35 PM | Attr =    ]

CMMGR32.EXE -> %System32%\CMMGR32.EXE ->  [Ver =  | Size = 0 bytes | Created Date = 11/28/2007 11:16:21 AM | Attr =    ]

dumphive.exe -> %System32%\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 11/27/2007 1:47:54 PM | Attr =    ]

pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 11/27/2007 1:47:52 PM | Attr =    ]

Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

swsc.exe -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 4374 bytes | Created Date = 11/29/2007 1:33:19 PM | Attr =    ]

Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 11/27/2007 1:47:55 PM | Attr =    ]

VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 11/29/2007 9:35:05 AM | Attr =    ]

WS2Fix.exe -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 11/28/2007 12:49:46 PM | Attr =    ]

ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 11/27/2007 1:48:34 PM | Attr =    ]

AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 11/28/2007 10:02:16 AM | Attr =    ]
 

[Files/Folders - Modified Within 30 days]

CHICKA -> %SystemDrive%\CHICKA ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 11/29/2007 9:38:58 AM | Attr =    ]

fgc -> %SystemDrive%\fgc ->  [Folder | Modified Date = 11/30/2007 8:07:58 AM | Attr =    ]

FGCDIR -> %SystemDrive%\FGCDIR ->  [Folder | Modified Date = 11/30/2007 2:30:22 PM | Attr =    ]

KA -> %SystemDrive%\KA ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

NALCache -> %SystemDrive%\NALCache ->  [Folder | Modified Date = 11/30/2007 8:17:44 AM | Attr =  H ]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 11/30/2007 8:06:06 AM | Attr = R  ]

qoobox -> %SystemDrive%\qoobox ->  [Folder | Modified Date = 11/29/2007 9:37:54 AM | Attr =    ]

SCICON -> %SystemDrive%\SCICON ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

TLCWIN -> %SystemDrive%\TLCWIN ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

TTL3HOME -> %SystemDrive%\TTL3HOME ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

VIAVOICE -> %SystemDrive%\VIAVOICE ->  [Folder | Modified Date = 11/14/2007 12:11:12 PM | Attr =    ]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 11/28/2007 10:46:12 AM | Attr =    ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 11/30/2007 8:06:26 AM | Attr =    ]

AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 11/27/2007 2:04:12 PM | Attr =    ]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11/30/2007 2:33:10 PM | Attr =   S]

catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 136704 bytes | Modified Date = 11/8/2007 4:59:02 PM | Attr =    ]

CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 11/30/2007 8:17:08 AM | Attr =  HS]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 11/27/2007 1:47:50 PM | Attr =   S]

erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 11/29/2007 9:38:22 AM | Attr =    ]

ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 11/27/2007 2:03:00 PM | Attr =    ]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 11/28/2007 9:16:56 AM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 11/30/2007 8:06:12 AM | Attr =  HS]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 11/30/2007 8:55:12 AM | Attr =    ]

system32 -> %System32% ->  [Folder | Modified Date = 11/30/2007 2:37:26 PM | Attr =    ]

TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 11/30/2007 12:43:12 PM | Attr =    ]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 983 bytes | Modified Date = 11/27/2007 2:01:42 PM | Attr =    ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/30/2007 2:32:02 PM | Attr =  H ]

ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 11/29/2007 1:26:08 PM | Attr =    ]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 11/30/2007 8:55:06 AM | Attr =    ]

CMMGR32.EXE -> %System32%\CMMGR32.EXE ->  [Ver =  | Size = 0 bytes | Modified Date = 11/28/2007 11:16:22 AM | Attr =    ]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 11/28/2007 2:59:44 PM | Attr = RHS]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 11/30/2007 2:30:44 PM | Attr =    ]

GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Modified Date = 11/30/2007 2:30:58 PM | Attr =    ]

GroupPolicy.UserCache -> %System32%\GroupPolicy.UserCache ->  [Folder | Modified Date = 11/27/2007 1:37:04 PM | Attr =  H ]

Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 11/27/2007 1:47:56 PM | Attr =    ]

NetWare -> %System32%\NetWare ->  [Folder | Modified Date = 11/27/2007 2:04:04 PM | Attr =    ]

novell -> %System32%\novell ->  [Folder | Modified Date = 11/27/2007 2:04:06 PM | Attr =    ]

pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 11/27/2007 1:47:56 PM | Attr =    ]

pcisys.ntk -> %System32%\pcisys.ntk ->  [Ver =  | Size = 8 bytes | Modified Date = 11/30/2007 2:30:08 PM | Attr =    ]

perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 52764 bytes | Modified Date = 11/30/2007 2:37:26 PM | Attr =    ]

perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 380350 bytes | Modified Date = 11/30/2007 2:37:26 PM | Attr =    ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 439556 bytes | Modified Date = 11/30/2007 2:37:24 PM | Attr =    ]

tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 4374 bytes | Modified Date = 11/29/2007 3:27:46 PM | Attr =    ]

Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 11/27/2007 1:47:56 PM | Attr =    ]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 11/30/2007 8:21:08 AM | Attr =    ]
 

[File String Scan - Non-Microsoft Only]

WSUD ,  -> %SystemDrive%\VIRTPART.DAT ->  [Ver =  | Size = 33555456 bytes | Modified Date = 7/25/2007 12:21:52 PM | Attr =    ]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> 

PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Modified Date = 4/19/2006 3:09:20 PM | Attr =    ]

UPX! , UPX0 ,  -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr =    ]

UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr =    ]

UPX! , UPX0 ,  -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr =    ]

UPX! , UPX0 ,  -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 5:20:34 AM | Attr =    ]

@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable -> 

UPX! , UPX0 ,  -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Modified Date = 9/5/2007 11:22:24 PM | Attr =    ]

winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr =    ]

UPX! , UPX0 ,  -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Modified Date = 10/3/2007 11:36:46 PM | Attr =    ]
 

< End of report >


0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 20387098
I still don't have a clue...
WinPFind is not showing obvious suspicious entries either, unless the culprit is well hidden. Have you tried scanning for rootkits?
Maybe this could be a hardware/software conflict.

Did you install ViaVoice on this date --> 11/14/2007 12:11:12 PM

Do you know these folders below? do they belong to ViaVoice? Created date 11/14/2007 12:11:12 PM
%SystemDrive%\CHICKA
%SystemDrive%\TTL3HOME
%SystemDrive%\KA
%SystemDrive%\SCICON
%SystemDrive%\TLCWIN
%SystemDrive%\VIAVOICE
0
 
LVL 1

Author Comment

by:jaw1971
ID: 20387682
I do not know what ViaVoice is, so I will go back and check that Monday....
I have spent 3 days running virus scans and such. I am thinking Monday a reinstall of XP to see what happens.
Thanks for your assistance!!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20387830
Sorry I couldn't be of more help with this.

I looked at your ComboFix log again and those files I asked if you know about have the same "Date created" as these programs below, right to the very same minute. I recognize that some of these programs are legit. So many programs installed at the same time? Are these some kind of bundle of programs?

2007-11-14 12:11      <DIR>      d--------      C:\VIAVOICE
2007-11-14 12:11      <DIR>      d--------      C:\TTL3HOME
2007-11-14 12:11      <DIR>      d--------      C:\TLCWIN
2007-11-14 12:11      <DIR>      d--------      C:\SCICON
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\WEIDENHAMMER
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\THE LEARNING COMPANY
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\TESTTKR
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\TEACHERWORKS
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\TEACHEREXPRESS
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\SZ8036
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\SZ8032
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\SMARTMUSIC 10
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\SILVERLMM
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\PUZZLEMAKER
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\PRENTICE HALL
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\PIXWRITER V2
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\PICTURE IT V4
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\MATHATHON
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\MARIS TECHNOLOGIES
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\MARC WIZARD
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\MARC MAGICIAN
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\LESSONVIEW
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\INSTINCT
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\INFOGRAMES
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\DOLPHIN FILE TRANSFER
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\DAVIDSON
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\CAST
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\BLASTER
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\ATTAINMENT
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\ALPHASMART
2007-11-14 12:11      <DIR>      d--------      C:\KA
0
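The check rpggamergirl is doing by eye above, spotting that dozens of folders share one creation minute in the ComboFix "Files Created" listing, can be automated. The following is an added example, not code from the thread or from ComboFix: it parses ComboFix-style directory lines, groups them by creation minute, and reports clusters of folders created together, which is what you would expect from a single installer, a software bundle, or one imaging run. The sample log is constructed from a few lines quoted in this thread plus two made-up entries at other times; the threshold `min_size` is an assumption, not a ComboFix setting.

```python
import re
from collections import defaultdict

# One ComboFix "Files Created" directory line looks like:
#   2007-11-14 12:11      <DIR>      d--------      C:\VIAVOICE
# Fields are separated by runs of spaces or tabs; the path may contain spaces.
COMBOFIX_DIR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+<DIR>\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

# Constructed sample: the first six lines are quoted from the thread above,
# the last two are made up to give the grouping something to separate out.
SAMPLE_LOG = r"""
2007-11-14 12:11      <DIR>      d--------      C:\VIAVOICE
2007-11-14 12:11      <DIR>      d--------      C:\TTL3HOME
2007-11-14 12:11      <DIR>      d--------      C:\TLCWIN
2007-11-14 12:11      <DIR>      d--------      C:\SCICON
2007-11-14 12:11      <DIR>      d--------      C:\KA
2007-11-14 12:11      <DIR>      d--------      C:\Program Files\THE LEARNING COMPANY
2007-11-27 14:04      <DIR>      d--------      C:\WINDOWS\system32\novell
2007-11-28 10:57      <DIR>      d--------      C:\HijackThis
"""


def parse_combofix_dirs(text):
    """Return a list of (timestamp, attrs, path) tuples for every directory
    line in a ComboFix log excerpt. Lines that do not match are ignored, so the
    whole log can be fed in, not just the 'Files Created' section."""
    entries = []
    for line in text.splitlines():
        m = COMBOFIX_DIR_RE.match(line.strip())
        if m:
            entries.append((m.group("ts"), m.group("attrs"), m.group("path")))
    return entries


def cluster_by_minute(entries, min_size=3):
    """Group entries by creation minute and keep groups with at least
    min_size members. Returns [(timestamp, [paths...]), ...] with the largest
    cluster first; ties are broken chronologically (ISO timestamps sort as text).

    A large cluster is a lead, not a verdict: it tells you which folders arrived
    together so you can ask the user (as the comment above does) whether that
    matches a known install, an image, or nothing they remember."""
    groups = defaultdict(list)
    for ts, _attrs, path in entries:
        groups[ts].append(path)
    clusters = [(ts, sorted(paths)) for ts, paths in groups.items() if len(paths) >= min_size]
    clusters.sort(key=lambda c: (-len(c[1]), c[0]))
    return clusters


def format_report(clusters):
    """Render clusters as plain text suitable for pasting back into a thread."""
    lines = []
    for ts, paths in clusters:
        lines.append(f"{ts}: {len(paths)} folders created in the same minute")
        lines.extend(f"    {p}" for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(cluster_by_minute(parse_combofix_dirs(SAMPLE_LOG))))
```

Run it against a full ComboFix log and the 2007-11-14 12:11 group stands out as the only cluster, while the two single entries drop below the threshold. Folder names inside a cluster are what you then compare against the user's memory of installs; a cluster whose names the user does not recognise is worth a closer look, a cluster full of known educational titles (as here) most likely is a bundled deployment.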
 
LVL 1

Author Comment

by:jaw1971
ID: 20402539
Well, I did some more searching and found someone with the same error; they removed Novell and the error disappeared. So I removed Novell and the error is gone. I am now slowly updating the Novell client from Service Pack 2 to Service Pack 4 to see if the error comes back.
I am not sure if this IS the issue, but I wanted to provide an update in case anyone else has a similar issue..
Thanks for your assistance....
0
