
Common Mal-ware Problem


22 replies to this topic

#1 tylor

tylor


Posted 07 December 2006 - 02:06 PM

Hello,

First off, thank you for reading my problem.

I have some type of mal-ware on my computer that generates random DLLs, i.e. A0007748.dll, A0007749.dll and so on. It also creates pop-ups, and a little taskbar icon with a bubble message along the lines of "Your computer is infected with unwanted software". I've run S&D, BitDefender, Stinger, and I have McAfee installed on the computer as well.

WinPro AntiVirus 6 is one of the popups I keep getting and I remember seeing "VirusBursters" if that helps at all, because I know I didn't download it.

Here is my HijackThis log file:




Logfile of HijackThis v1.99.1
Scan saved at 1:50:33 PM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\WINDOWS\system32\lgbpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ADP Hollander\Powerlink\BIN\Powerlink.exe
C:\Program Files\ADP Hollander\Powerlink\BIN\Powerlink.exe
C:\Documents and Settings\Thomas\Desktop\bitdefender_free_v8.exe
C:\DOCUME~1\Thomas\LOCALS~1\Temp\IXP000.TMP\Setup.Exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Thomas\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {344AA98B-6644-41CB-6D05-3931C7C4FBC7} - C:\WINDOWS\system32\uzmyuaqk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll (file missing)
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: (no name) - {169C292A-4979-2623-EC4F-04AE8B91565E} - C:\WINDOWS\system32\jezmesh.dll (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {344AA98B-6644-41CB-6D05-3931C7C4FBC7} - C:\WINDOWS\system32\uzmyuaqk.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fvrdskdp.dll
O2 - BHO: (no name) - {3D5BACB8-80B9-4CE2-8608-0A5838B2A2CF} - C:\WINDOWS\system32\sstqo.dll (file missing)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {501555F7-52D8-83C1-E026-03B091A90A02} - C:\WINDOWS\system32\ukxpztl.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {83B8C898-758D-40F4-8324-F58C2EB26ED2} - C:\WINDOWS\system32\jkklm.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\efcbxya.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzob.dll,startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thomas\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINDOWS\system32\lgbpd.exe
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\ASKS~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [Jhlxrm] C:\Program Files\s?stem\?vchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90FD9501-513E-4FEA-8DC7-8DC4128B01C8}: NameServer = 67.20.159.102,67.20.159.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D}: NameServer = 67.20.159.102,67.20.159.103
O20 - Winlogon Notify: efcbxya - efcbxya.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



I would greatly appreciate any help you can offer, and I again thank you for taking the time to read my post.



#2 OldTimer

OldTimer

    Malware Expert



Posted 07 December 2006 - 04:08 PM

Hello tylor and welcome to Bleeping Computer. I'm going to use you as a test subject if that is OK.

I would like you to download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 tylor

tylor
  • Topic Starter


Posted 07 December 2006 - 05:31 PM

Thank you very much for helping me, and I apologize for the delay in my reply; I was swamped at work.




WinPFind3 logfile created on: 12/7/2006 5:16:32 PM
WinPFind3U by OldTimer - Beta 2 Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.8: 2006102516 | Size = 7191149 bytes | Date = 11/13/2006 4:45:08 PM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
powerlink.exe -> C:\Program Files\ADP Hollander\Powerlink\BIN\Powerlink.exe -> Hollander [Ver = 2.03.0054 | Size = 2666570 bytes | Date = 8/24/2006 4:29:22 PM | Attr = ]
powerlink.exe -> C:\Program Files\ADP Hollander\Powerlink\BIN\Powerlink.exe -> Hollander [Ver = 2.03.0054 | Size = 2666570 bytes | Date = 8/24/2006 4:29:22 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 288256 bytes | Date = 12/6/2006 9:17:30 PM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Date = 10/17/2006 10:33:06 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Date = 5/1/2006 8:22:42 AM | Attr = ]
(SXServ) SX Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\sxserv101.exe -> File not found
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
CTDrive -> rundll32.exe C:\WINDOWS\system32\drvzob.dll -> File not found
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
Jhlxrm -> C:\Program Files\s?stem\?vchost.exe -> File not found
LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> C:\WINDOWS\system32\efcbxya.dll [] -> File not found
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{0B5F7FDF-0717-45BF-B49D-695F3168C7FE} [HKLM] -> C:\WINDOWS\system32\admparsek.dll [Master Browseui] -> File not found
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} [HKLM] -> C:\WINDOWS\system32\fontextd.dll [z] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efcbxya -> efcbxya.dll -> File not found
igfxcui -> C:\WINDOWS\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Date = 12/13/2005 4:40:12 PM | Attr = ]
jkklm -> C:\WINDOWS\system32\jkklm.dll -> [Ver = | Size = 276532 bytes | Date = 12/1/2006 6:33:22 PM | Attr = HS]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
URLSearchHooks {344AA98B-6644-41CB-6D05-3931C7C4FBC7} [HKLM] -> C:\WINDOWS\system32\uzmyuaqk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56320 bytes | Date = 11/28/2006 4:03:12 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/3/2003 2:17:44 PM | Attr = ]
{0B5F7FDF-0717-45BF-B49D-695F3168C7FE} [HKLM] -> C:\WINDOWS\system32\admparsek.dll [Reg Data - Value does not exist] -> File not found
{11F0EE13-5947-2942-F631-09BEB2706006} [HKLM] -> C:\WINDOWS\system32\wirvufc.dll [Reg Data - Value does not exist] -> [Ver = | Size = 71680 bytes | Date = 11/22/2006 3:11:10 PM | Attr = ]
{169C292A-4979-2623-EC4F-04AE8B91565E} [HKLM] -> C:\WINDOWS\system32\jezmesh.dll [Reg Data - Value does not exist] -> File not found
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Date = 10/28/2005 10:30:34 AM | Attr = ]
{344AA98B-6644-41CB-6D05-3931C7C4FBC7} [HKLM] -> C:\WINDOWS\system32\uzmyuaqk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56320 bytes | Date = 11/28/2006 4:03:12 PM | Attr = ]
{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> C:\WINDOWS\system32\fvrdskdp.dll [Reg Data - Value does not exist] -> [Ver = | Size = 42516 bytes | Date = 11/27/2006 1:02:14 PM | Attr = ]
{3D5BACB8-80B9-4CE2-8608-0A5838B2A2CF} [HKLM] -> C:\WINDOWS\system32\sstqo.dll [Reg Data - Value does not exist] -> File not found
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Date = 10/28/2005 10:30:36 AM | Attr = ]
{501555F7-52D8-83C1-E026-03B091A90A02} [HKLM] -> C:\WINDOWS\system32\ukxpztl.dll [Reg Data - Value does not exist] -> [Ver = | Size = 71680 bytes | Date = 11/30/2006 1:50:18 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} [HKLM] -> C:\WINDOWS\system32\ixt0.dll [] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Date = 10/12/2006 3:25:44 AM | Attr = ]
{83B8C898-758D-40F4-8324-F58C2EB26ED2} [HKLM] -> C:\WINDOWS\system32\jkklm.dll [Reg Data - Value does not exist] -> [Ver = | Size = 276532 bytes | Date = 12/1/2006 6:33:22 PM | Attr = HS]
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} [HKLM] -> C:\WINDOWS\system32\fontextd.dll [] -> File not found
{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> C:\WINDOWS\system32\efcbxya.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}[HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1}[HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6}[HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3}[HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890}[HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56}[HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153}[HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}[HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8}[HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA}[HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< End of report >

Edited by tylor, 07 December 2006 - 05:38 PM.


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:11 AM

Posted 07 December 2006 - 06:51 PM

Hi tylor. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Processes - Non-Microsoft Only]
YY -> lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe
[Win32 Services - Non-Microsoft Only]
YY -> (SXServ) SX Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\sxserv101.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> CTDrive -> C:\WINDOWS\system32\drvzob.dll
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Jhlxrm -> C:\Program Files\s?stem\?vchost.exe
YN -> LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe
YY -> Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> C:\WINDOWS\system32\efcbxya.dll []
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} [HKLM] -> C:\WINDOWS\system32\admparsek.dll [Master Browseui]
YY -> {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} [HKLM] -> C:\WINDOWS\system32\fontextd.dll [z]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> efcbxya -> efcbxya.dll
YY -> jkklm -> C:\WINDOWS\system32\jkklm.dll
< Internet Explorer Settings > ->
YY -> URLSearchHooks {344AA98B-6644-41CB-6D05-3931C7C4FBC7} [HKLM] -> C:\WINDOWS\system32\uzmyuaqk.dll [Reg Data - Value does not exist]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} [HKLM] -> C:\WINDOWS\system32\admparsek.dll [Reg Data - Value does not exist]
YY -> {11F0EE13-5947-2942-F631-09BEB2706006} [HKLM] -> C:\WINDOWS\system32\wirvufc.dll [Reg Data - Value does not exist]
YY -> {169C292A-4979-2623-EC4F-04AE8B91565E} [HKLM] -> C:\WINDOWS\system32\jezmesh.dll [Reg Data - Value does not exist]
YY -> {344AA98B-6644-41CB-6D05-3931C7C4FBC7} [HKLM] -> C:\WINDOWS\system32\uzmyuaqk.dll [Reg Data - Value does not exist]
YY -> {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> C:\WINDOWS\system32\fvrdskdp.dll [Reg Data - Value does not exist]
YY -> {3D5BACB8-80B9-4CE2-8608-0A5838B2A2CF} [HKLM] -> C:\WINDOWS\system32\sstqo.dll [Reg Data - Value does not exist]
YY -> {501555F7-52D8-83C1-E026-03B091A90A02} [HKLM] -> C:\WINDOWS\system32\ukxpztl.dll [Reg Data - Value does not exist]
YY -> {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} [HKLM] -> C:\WINDOWS\system32\ixt0.dll []
YY -> {83B8C898-758D-40F4-8324-F58C2EB26ED2} [HKLM] -> C:\WINDOWS\system32\jkklm.dll [Reg Data - Value does not exist]
YY -> {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} [HKLM] -> C:\WINDOWS\system32\fontextd.dll []
YY -> {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> C:\WINDOWS\system32\efcbxya.dll [Reg Data - Value does not exist]
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that "Set all elements to:" shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #6

Create a new WinPFind3U report and post it back here along with the AVG Anti-Spyware report. I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 07 December 2006 - 07:01 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 tylor

Posted 08 December 2006 - 12:20 PM

Hello OT, I just tried to run that fix code and it didn't seem to do anything. It looks like the program goes into a loop. It just pastes "Reboot" on all the lines, then freezes.

Just let me know if I should just ignore it and continue with the rest of the process or not.



Thanks,

Tylor

#6 OldTimer

Posted 08 December 2006 - 05:14 PM

Hi tylor. Yes, you did find a bug. This is a new tool that I am testing out and you are the first person to use it (that's why you are my guinea pig :thumbsup: )

Here's what I would like you to do. Delete the downloaded file winpfind3u.exe and the winpfind3u folder that you currently have. Then, download an updated version of WinPFind3U.exe to your desktop and double-click on it to extract the files again (this will create the folder WinPFind3u on your desktop again).

Open the new WinPFind3u folder and double-click on the new WinPFind3U.exe file to start the program.

Follow the directions above for the fix.

Sorry for the inconvenience.

Cheers.

OT

#7 tylor

Posted 11 December 2006 - 01:21 PM

Well I have some bad news, the process did not seem to work. After I followed all the steps I proceeded to reboot into Windows normally, and all of my problems were back instantly. Here are the reports you requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:08:09 PM 12/11/2006

+ Scan result:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP107\A0007977.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP115\A0012277.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP97\A0006617.dll -> Adware.SafetyBar : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP97\A0006623.dll -> Adware.SafetyBar : No action taken.
C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\system.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0007767.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0007769.exe -> Adware.Softomate : No action taken.
C:\WINDOWS\system32\iifddee.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\xxyvuuu.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0007744.exe -> Downloader.Agent.apb : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP97\A0006608.dll -> Downloader.Small.dzp : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0007733.exe -> Downloader.Zlob.bbq : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP107\A0007976.exe -> Downloader.Zlob.bbq : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP107\A0008979.exe -> Downloader.Zlob.bbq : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP107\A0009008.exe -> Downloader.Zlob.bbq : No action taken.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.bbq : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP108\A0009037.exe -> Downloader.Zlob.bbz : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP107\A0008978.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP101\A0007747.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP115\A0012278.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\wnsapisv.exe -> Trojan.Small : No action taken.


::Report end



WinPFind3 logfile created on: 12/11/2006 1:12:12 PM
WinPFind3U by OldTimer - Pre-Release 1b Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.8: 2006102516 | Size = 7191149 bytes | Date = 11/13/2006 4:45:08 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 289792 bytes | Date = 12/10/2006 10:20:38 AM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Date = 10/17/2006 10:33:06 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Date = 5/1/2006 8:22:42 AM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
CTDrive -> rundll32.exe C:\WINDOWS\system32\drvzob.dll -> File not found
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
Jhlxrm -> C:\Program Files\s?stem\?vchost.exe -> File not found
LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efcbxya -> efcbxya.dll -> File not found
igfxcui -> C:\WINDOWS\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Date = 12/13/2005 4:40:12 PM | Attr = ]
jkklm -> C:\WINDOWS\system32\jkklm.dll -> [Ver = | Size = 276532 bytes | Date = 12/1/2006 6:33:22 PM | Attr = HS]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: URLSearchHooks\\{B3773762-F9A4-D970-823E-FA4DF0F77C9D} [HKLM] -> C:\WINDOWS\system32\dovyd.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56832 bytes | Date = 12/6/2006 9:11:30 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/3/2003 2:17:44 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Date = 10/28/2005 10:30:34 AM | Attr = ]
{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Date = 10/28/2005 10:30:36 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Date = 10/12/2006 3:25:44 AM | Attr = ]
{B3773762-F9A4-D970-823E-FA4DF0F77C9D} [HKLM] -> C:\WINDOWS\system32\dovyd.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56832 bytes | Date = 12/6/2006 9:11:30 AM | Attr = ]
{DDB68620-0F4B-4420-B170-1D9C3B211173} [HKLM] -> C:\WINDOWS\system32\jkklm.dll [Reg Data - Value does not exist] -> [Ver = | Size = 276532 bytes | Date = 12/1/2006 6:33:22 PM | Attr = HS]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< End of report >




Thank you for your continuing efforts to help solve my problem.


P.S. I just noticed after I posted that in the AVG report, after every line it says "No Action Taken". I was curious because I made 100% sure that "Quarantine" was selected as the action to take.

Edited by tylor, 11 December 2006 - 01:24 PM.


#8 OldTimer

OldTimer

    Malware Expert



Posted 11 December 2006 - 05:15 PM

Hi tylor. Yes, it does appear that AVG did not quarantine the items. We do not have to worry about any items in the restore points (just don't do a system restore at this point). We will clean those out in a bit.

Let's attack the vundo infection with a special tool for that.

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click YES, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
OK. Start WinPFind3u and perform a new scan. Use the Add Reply button to post your new log file back here along with the log file from VundoFix (c:\vundofix.txt) and details of any problems you encountered performing the above steps and I will review the information when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 tylor

tylor
  • Topic Starter


Posted 12 December 2006 - 02:05 PM

Whew. Okay I've run the vundofix, rebooted and run the WinpFind3U and here is the log


WinPFind3 logfile created on: 12/12/2006 1:49:43 PM
WinPFind3U by OldTimer - Pre-Release 1b Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
iexplore.exe -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 289792 bytes | Date = 12/10/2006 10:20:38 AM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Date = 10/17/2006 10:33:06 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Date = 5/1/2006 8:22:42 AM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
CTDrive -> rundll32.exe C:\WINDOWS\system32\drvzob.dll -> File not found
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> c:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
Jhlxrm -> C:\Program Files\s?stem\?vchost.exe -> File not found
LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efcbxya -> efcbxya.dll -> File not found
igfxcui -> C:\WINDOWS\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Date = 12/13/2005 4:40:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: URLSearchHooks\\{F0DB0397-9553-BB8C-7754-9C5B512D6595} [HKLM] -> C:\WINDOWS\system32\qbnewh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56320 bytes | Date = 12/11/2006 8:39:16 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/3/2003 2:17:44 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Date = 10/28/2005 10:30:34 AM | Attr = ]
{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Date = 10/28/2005 10:30:36 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Date = 10/12/2006 3:25:44 AM | Attr = ]
{BB3077FE-A50F-43D0-9FB5-6140D3948FC7} [HKLM] -> C:\WINDOWS\system32\jkklm.dll [Reg Data - Value does not exist] -> File not found
{F0DB0397-9553-BB8C-7754-9C5B512D6595} [HKLM] -> C:\WINDOWS\system32\qbnewh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 56320 bytes | Date = 12/11/2006 8:39:16 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< End of report >




Here is the VundoFix log;

VundoFix V6.2.13

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 1:30:17 PM 12/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\zbnirem.dll
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\zbnirem.dll
C:\WINDOWS\system32\zbnirem.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jkklm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.tmp
C:\WINDOWS\system32\mlkkj.tmp Has been deleted!

Performing Repairs to the registry.
Done!


Sorry for putting you through this OT, but I appreciate your help beyond all belief. :thumbsup: :flowers:

#10 OldTimer

Malware Expert

Posted 12 December 2006 - 04:42 PM

Hi tylor. It looks better but we still have a couple of items hanging around in there. Let's see if we can't get rid of them.

Start WinPFind3u and copy/paste the information in the quotebox below into the Fix pane. Close all open programs except WinPFind3u and click the Run Fix button.

Your desktop and taskbar will disappear while the fix is being performed and then you will be asked to reboot the machine. Choose Ok to reboot.

After the reboot, in the WinPFind3u folder there will be a log file with a name in the format: mmddyyyy_hhmmss.log (ex 12122006_163005.log). Post that log along with a new WinPFind3u scan log and I will review the information when it comes in.

Cheers.

OT

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ->
YY -> CTDrive -> rundll32.exe C:\WINDOWS\system32\drvzob.dll
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Jhlxrm -> C:\Program Files\s?stem\?vchost.exe
YY -> LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe
YY -> Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> efcbxya -> efcbxya.dll
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> HKCU: URLSearchHooks\\{F0DB0397-9553-BB8C-7754-9C5B512D6595} [HKLM] -> C:\WINDOWS\system32\qbnewh.dll [Reg Data - Value does not exist]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {BB3077FE-A50F-43D0-9FB5-6140D3948FC7} [HKLM] -> C:\WINDOWS\system32\jkklm.dll [Reg Data - Value does not exist]
YY -> {F0DB0397-9553-BB8C-7754-9C5B512D6595} [HKLM] -> C:\WINDOWS\system32\qbnewh.dll [Reg Data - Value does not exist]
[ Extra Files ]
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\wnsapisv.exe
[Reboot]


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 tylor


Posted 13 December 2006 - 10:49 AM

Here you go boss;

WinPFind3 logfile created on: 12/13/2006 10:43:23 AM
WinPFind3U by OldTimer - Pre-Release 1b Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
iexplore.exe -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 289792 bytes | Date = 12/10/2006 10:20:38 AM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Date = 10/17/2006 10:33:06 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Date = 9/28/2006 9:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Date = 5/1/2006 8:22:42 AM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTDrive -> rundll32.exe C:\WINDOWS\system32\drvzob.dll -> File not found
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 5/15/2005 2:04:12 AM | Attr = ]
Jhlxrm -> C:\Program Files\s?stem\?vchost.exe -> File not found
LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe -> [Ver = | Size = 1043456 bytes | Date = 7/11/2006 9:23:06 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Date = 9/10/2003 2:24:00 AM | Attr = ]
Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe -> [Ver = | Size = 70144 bytes | Date = 12/1/2006 2:51:52 PM | Attr = RHS]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efcbxya -> efcbxya.dll -> File not found
igfxcui -> C:\WINDOWS\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Date = 12/13/2005 4:40:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/3/2003 2:17:44 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Date = 10/28/2005 10:30:34 AM | Attr = ]
{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Date = 10/28/2005 10:30:36 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Microsoft Url Search Hook] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< End of report >




And the fix log, it didn't restart my computer, it just logged me off. Just so you know.


Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process lgbpd.ex .
[Registry - Non-Microsoft Only]
Registry value KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Unable to delete registry value KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTDriv .
Unable to delete registry value KEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Jhlxr .
Unable to delete registry value KEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LGBLiveUpdat .
Unable to delete registry value KEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tai .
Unable to delete registry key KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbxy .
Unable to delete registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F0DB0397-9553-BB8C-7754-9C5B512D6595} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0DB0397-9553-BB8C-7754-9C5B512D6595} deleted successfully.
Registry key KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB3077FE-A50F-43D0-9FB5-6140D3948FC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB3077FE-A50F-43D0-9FB5-6140D3948FC7} deleted successfully.
Registry key KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DB0397-9553-BB8C-7754-9C5B512D6595} deleted successfully.
[ Extra Files ]
C:\WINDOWS\system32\wnsapisv.exe moved successfully.
< End of log >
Created on 12/13/2006 10:41:35



#12 OldTimer

OldTimer

    Malware Expert



Posted 13 December 2006 - 10:40 PM

Hi tylor. Thanks for helping out with this. You are blazing a new trail with infection repair :thumbsup:

The fix log pointed out a couple of issues with the WinPFind3u application. I traced the problems back to the forum software subtly changing the fix so that it would not run properly. I have updated the program to accommodate these changes and have uploaded a newer version. Can you please download the latest here: http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe and save it to your desktop.

Delete your current WinPFind3u folder and then extract the files from the new download by double-clicking on the WinPFind3u.exe program that you downloaded to your desktop.

Open the WinPFind3u folder and start the WinPFind3u program. Copy/paste the information in the quotebox below into the program and click the Run Fix button.

When the fix is done, you should be asked to reboot your computer. After the reboot, start WinPFind3u again, but before running the scan change to default options as follows:
  • In both the Files Created Within and Files Modified Within groups, select 30 days for each.
  • In the File String Search group, select Non-Microsoft.
Now click the Run Scan button to create the log. Post that back here along with the fix log like you did previously.

Thanks so much for your help.

Cheers.

OT

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> iexplore.exe -> C:\PROGRA~1\ASKS~1\iexplore.exe
YY -> lgbpd.exe -> C:\WINDOWS\system32\lgbpd.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> CTDrive -> C:\WINDOWS\system32\drvzob.dll
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Jhlxrm -> C:\Program Files\s?stem\?vchost.exe
YN -> LGBLiveUpdate -> C:\WINDOWS\system32\lgbpd.exe
YN -> Tair -> C:\PROGRA~1\ASKS~1\iexplore.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> efcbxya -> efcbxya.dll
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[ Extra Files ]
C:\PROGRA~1\ASKS~1\
[Reboot]


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 tylor


Posted 14 December 2006 - 05:19 PM

Okay, I ran the fix which ran fine and prompted me if I would like to reboot. I chose "Yes" but it only logged me off again. After I restarted the computer I ran the scan with the settings you described. It took quite a while for the scan to complete, much longer than the first couple. I assume it's just because of the extra scanning involved, but I just figured I'd let ya know. Here's your log;

WinPFind3 logfile created on: 12/14/2006 5:11:02 PM
WinPFind3U by OldTimer - Pre-Release 1e Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 8:29:52 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 4:41:08 PM | Attr = ]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Modified Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Modified Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Modified Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 295936 bytes | Modified Date = 12/13/2006 8:29:16 PM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 10/17/2006 10:33:06 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 5/1/2006 8:22:42 AM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Modified Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> C:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Modified Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 2:04:12 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/13/2005 4:40:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: URLSearchHooks\\{93D64C96-8952-FE88-2101-891A05C8089B} [HKLM] -> C:\WINDOWS\system32\mthxhmg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 59392 bytes | Modified Date = 12/11/2006 8:42:44 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Modified Date = 10/28/2005 10:30:34 AM | Attr = ]
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Modified Date = 10/28/2005 10:30:36 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{93D64C96-8952-FE88-2101-891A05C8089B} [HKLM] -> C:\WINDOWS\system32\mthxhmg.dll [Reg Data - Value does not exist] -> [Ver = | Size = 59392 bytes | Modified Date = 12/11/2006 8:42:44 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Modified Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Modified Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Microsoft Url Search Hook] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Modified Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 526843904 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 2289 bytes | Created Date = 11/22/2006 4:18:40 PM | Attr = ]
vm404.log -> C:\vm404.log -> [Ver = | Size = 2213 bytes | Created Date = 11/20/2006 1:39:33 PM | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 1244 bytes | Created Date = 12/12/2006 1:30:17 PM | Attr = ]
system.dll -> C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\system.dll -> [Ver = | Size = 6656 bytes | Created Date = 12/1/2006 4:23:00 PM | Attr = ]
bdfree.msi -> C:\Program Files\Common Files\Softwin\Setup Information\{8BFFDBAB-FD81-4137-A98E-A769C828080C}\bdfree.msi -> [Ver = | Size = 11369984 bytes | Created Date = 12/7/2006 1:47:33 PM | Attr = H ]
gc404.cnf -> C:\WINDOWS\gc404.cnf -> [Ver = | Size = 41 bytes | Created Date = 11/30/2006 7:56:25 AM | Attr = ]
gsc404.cnf -> C:\WINDOWS\gsc404.cnf -> [Ver = | Size = 1779 bytes | Created Date = 11/30/2006 7:56:25 AM | Attr = ]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 14295 bytes | Created Date = 11/16/2006 11:54:37 AM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 14206 bytes | Created Date = 11/16/2006 11:54:48 AM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 13859 bytes | Created Date = 11/16/2006 11:54:45 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 582914 bytes | Created Date = 11/22/2006 4:17:02 PM | Attr = ]
popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [Ver = | Size = 16 bytes | Created Date = 11/19/2006 4:42:52 PM | Attr = ]
scf101.log -> C:\WINDOWS\scf101.log -> [Ver = | Size = 145 bytes | Created Date = 11/29/2006 1:25:24 PM | Attr = ]
sct101.log -> C:\WINDOWS\sct101.log -> [Ver = | Size = 21 bytes | Created Date = 11/29/2006 1:25:24 PM | Attr = ]
taskmen32.pif -> C:\WINDOWS\taskmen32.pif -> [Ver = | Size = 99 bytes | Created Date = 11/30/2006 7:56:25 AM | Attr = ]
abdlofaq.exe -> C:\WINDOWS\System32\abdlofaq.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/7/2006 8:05:28 AM | Attr = ]
amnmlwlm.exe -> C:\WINDOWS\System32\amnmlwlm.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/1/2006 6:33:48 PM | Attr = ]
bcdr32.dll -> C:\WINDOWS\System32\bcdr32.dll -> Informatics, Inc. [Ver = 5.1.0.0 | Size = 209368 bytes | Created Date = 12/2/2006 11:18:59 AM | Attr = ]
bcxl32.dll -> C:\WINDOWS\System32\bcxl32.dll -> Informatics, Inc. [Ver = 5.1.0.0 | Size = 131552 bytes | Created Date = 12/2/2006 11:18:59 AM | Attr = ]
buqxxxjj.exe -> C:\WINDOWS\System32\buqxxxjj.exe -> [Ver = | Size = 88340 bytes | Created Date = 11/29/2006 1:02:38 PM | Attr = ]
caheeggc.exe -> C:\WINDOWS\System32\caheeggc.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 1:11:10 PM | Attr = ]
chsnxkkf.exe -> C:\WINDOWS\System32\chsnxkkf.exe -> [Ver = | Size = 88340 bytes | Created Date = 11/30/2006 1:04:36 PM | Attr = ]
clc_my.exe -> C:\WINDOWS\System32\clc_my.exe -> [Ver = | Size = 87552 bytes | Created Date = 11/30/2006 10:53:25 AM | Attr = ]
ClickToFindandFixErrors_4.ico -> C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico -> [Ver = | Size = 2238 bytes | Created Date = 12/1/2006 2:52:31 PM | Attr = ]
dbckhuku.exe -> C:\WINDOWS\System32\dbckhuku.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 3:25:11 PM | Attr = ]
dkrdbgli.exe -> C:\WINDOWS\System32\dkrdbgli.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/7/2006 1:35:19 PM | Attr = ]
dqydddjt.exe -> C:\WINDOWS\System32\dqydddjt.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/8/2006 11:40:37 AM | Attr = ]
duhnqept.exe -> C:\WINDOWS\System32\duhnqept.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/6/2006 8:05:21 AM | Attr = ]
emvmdycv.exe -> C:\WINDOWS\System32\emvmdycv.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/5/2006 8:04:45 AM | Attr = ]
hhkhdqyv.exe -> C:\WINDOWS\System32\hhkhdqyv.exe -> [Ver = | Size = 88340 bytes | Created Date = 11/28/2006 1:02:20 PM | Attr = ]
iifddee.dll -> C:\WINDOWS\System32\iifddee.dll -> [Ver = | Size = 40973 bytes | Created Date = 11/30/2006 1:49:43 PM | Attr = HS]
instlsp.exe -> C:\WINDOWS\System32\instlsp.exe -> [Ver = | Size = 32768 bytes | Created Date = 12/1/2006 4:55:28 PM | Attr = ]
irfrosrd.exe -> C:\WINDOWS\System32\irfrosrd.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/7/2006 1:13:54 PM | Attr = ]
lokuivbg.exe -> C:\WINDOWS\System32\lokuivbg.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 1:11:52 PM | Attr = ]
mclsp.dll -> C:\WINDOWS\System32\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Created Date = 12/1/2006 4:55:29 PM | Attr = ]
mcrh.tmp -> C:\WINDOWS\System32\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 11/27/2006 1:21:56 PM | Attr = ]
mcrtl32.dll -> C:\WINDOWS\System32\mcrtl32.dll -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 90112 bytes | Created Date = 12/1/2006 4:55:34 PM | Attr = ]
MobileSidewalkRON_2.ico -> C:\WINDOWS\System32\MobileSidewalkRON_2.ico -> [Ver = | Size = 72566 bytes | Created Date = 12/1/2006 10:04:13 AM | Attr = ]
MpfApi.dll -> C:\WINDOWS\System32\MpfApi.dll -> McAfee [Ver = 7.1.0.113 | Size = 9216 bytes | Created Date = 12/1/2006 5:00:35 PM | Attr = ]
mthxhmg.dll -> C:\WINDOWS\System32\mthxhmg.dll -> [Ver = | Size = 59392 bytes | Created Date = 12/14/2006 10:07:53 AM | Attr = ]
nyrwkihu.exe -> C:\WINDOWS\System32\nyrwkihu.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 3:24:50 PM | Attr = ]
oqtss.bak1 -> C:\WINDOWS\System32\oqtss.bak1 -> [Ver = | Size = 805947 bytes | Created Date = 11/20/2006 1:39:41 PM | Attr = HS]
oqtss.bak2 -> C:\WINDOWS\System32\oqtss.bak2 -> [Ver = | Size = 791326 bytes | Created Date = 11/22/2006 1:39:56 PM | Attr = HS]
oqtss.ini -> C:\WINDOWS\System32\oqtss.ini -> [Ver = | Size = 837079 bytes | Created Date = 11/20/2006 1:39:34 PM | Attr = HS]
oqucmoep.exe -> C:\WINDOWS\System32\oqucmoep.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/1/2006 1:02:48 PM | Attr = ]
pbqanxwn.exe -> C:\WINDOWS\System32\pbqanxwn.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/4/2006 8:04:09 AM | Attr = ]
qmiqsdle.exe -> C:\WINDOWS\System32\qmiqsdle.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/4/2006 7:59:18 AM | Attr = ]
rqimljpb.exe -> C:\WINDOWS\System32\rqimljpb.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/4/2006 8:04:22 AM | Attr = ]
SrchSTS.exe -> C:\WINDOWS\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
swreg.exe -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
swsc.exe -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
tpmbbyks.exe -> C:\WINDOWS\System32\tpmbbyks.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/2/2006 10:37:37 AM | Attr = ]
ukxpztl.dll -> C:\WINDOWS\System32\ukxpztl.dll -> [Ver = | Size = 71680 bytes | Created Date = 11/30/2006 1:50:16 PM | Attr = ]
ulcnvxrq.exe -> C:\WINDOWS\System32\ulcnvxrq.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 7:47:30 AM | Attr = ]
vxawjsih.exe -> C:\WINDOWS\System32\vxawjsih.exe -> [Ver = | Size = 88340 bytes | Created Date = 11/27/2006 1:02:09 PM | Attr = ]
wnsapisv.exe -> C:\WINDOWS\System32\wnsapisv.exe -> [Ver = | Size = 2 bytes | Created Date = 12/14/2006 10:07:54 AM | Attr = ]
xmqxibod.exe -> C:\WINDOWS\System32\xmqxibod.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/11/2006 12:00:52 PM | Attr = ]
xxyvuuu.dll -> C:\WINDOWS\System32\xxyvuuu.dll -> [Ver = | Size = 40973 bytes | Created Date = 12/1/2006 4:22:54 PM | Attr = HS]
xyepfwrh.exe -> C:\WINDOWS\System32\xyepfwrh.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/12/2006 7:51:36 AM | Attr = ]
xyksvcxi.exe -> C:\WINDOWS\System32\xyksvcxi.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/2/2006 10:36:37 AM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/8/2006 11:49:13 AM | Attr = ]
MpFirewall.sys -> C:\WINDOWS\System32\drivers\MpFirewall.sys -> McAfee [Ver = 7.1.0.113 | Size = 80640 bytes | Created Date = 12/1/2006 5:00:36 PM | Attr = ]
naiavf5x.sys -> C:\WINDOWS\System32\drivers\naiavf5x.sys -> McAfee Inc. [Ver = 11.0.0.142 | Size = 114464 bytes | Created Date = 12/1/2006 5:12:01 PM | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 526843904 bytes | Modified Date = 12/14/2006 5:03:12 PM | Attr = HS]
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 2289 bytes | Modified Date = 11/22/2006 4:19:58 PM | Attr = ]
vm404.log -> C:\vm404.log -> [Ver = | Size = 2213 bytes | Modified Date = 12/1/2006 5:07:36 PM | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 1244 bytes | Modified Date = 12/12/2006 1:43:56 PM | Attr = ]
system.dll -> C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\system.dll -> [Ver = | Size = 6656 bytes | Modified Date = 12/1/2006 4:23:02 PM | Attr = ]
ACE1Cache.lst -> C:\Program Files\Common Files\Adobe\Color\ACE1Cache.lst -> [Ver = | Size = 28555 bytes | Modified Date = 12/2/2006 9:32:16 AM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/14/2006 5:03:32 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/14/2006 5:03:12 PM | Attr = S]
COM+.log -> C:\WINDOWS\COM+.log -> [Ver = | Size = 4344 bytes | Modified Date = 12/2/2006 1:03:06 PM | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 161688 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 469581 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
gc404.cnf -> C:\WINDOWS\gc404.cnf -> [Ver = | Size = 41 bytes | Modified Date = 12/1/2006 12:00:26 AM | Attr = ]
gsc404.cnf -> C:\WINDOWS\gsc404.cnf -> [Ver = | Size = 1779 bytes | Modified Date = 12/1/2006 12:00:26 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 550254 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11/16/2006 1:30:16 PM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 14295 bytes | Modified Date = 11/16/2006 1:29:38 PM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 14206 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 13859 bytes | Modified Date = 11/16/2006 1:30:16 PM | Attr = ]
MedCtrOC.log -> C:\WINDOWS\MedCtrOC.log -> [Ver = | Size = 32030 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> [Ver = | Size = 3914 bytes | Modified Date = 12/14/2006 5:03:16 PM | Attr = ]
mozver.dat -> C:\WINDOWS\mozver.dat -> [Ver = | Size = 5895 bytes | Modified Date = 12/13/2006 1:31:22 PM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 23069 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
msmqinst.log -> C:\WINDOWS\msmqinst.log -> [Ver = | Size = 150162 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
netfxocm.log -> C:\WINDOWS\netfxocm.log -> [Ver = | Size = 79678 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 582914 bytes | Modified Date = 12/11/2006 12:57:40 PM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 97531 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 230274 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 25368 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 11/19/2006 4:42:54 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/8/2006 11:48:40 AM | Attr = H ]
scf101.log -> C:\WINDOWS\scf101.log -> [Ver = | Size = 145 bytes | Modified Date = 12/1/2006 10:11:50 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32632 bytes | Modified Date = 12/14/2006 5:02:38 PM | Attr = ]
sct101.log -> C:\WINDOWS\sct101.log -> [Ver = | Size = 21 bytes | Modified Date = 12/1/2006 1:14:50 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 1948 bytes | Modified Date = 11/22/2006 4:19:00 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 164434 bytes | Modified Date = 12/12/2006 1:15:44 PM | Attr = ]
tabletoc.log -> C:\WINDOWS\tabletoc.log -> [Ver = | Size = 23064 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
taskmen32.pif -> C:\WINDOWS\taskmen32.pif -> [Ver = | Size = 99 bytes | Modified Date = 12/1/2006 1:22:06 PM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 214866 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 50845 bytes | Modified Date = 11/16/2006 1:30:16 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/14/2006 5:03:16 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/14/2006 5:03:16 PM | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 486 bytes | Modified Date = 12/13/2006 1:31:20 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1492527 bytes | Modified Date = 12/14/2006 5:09:06 PM | Attr = ]
9A78E67AFA.sys -> C:\WINDOWS\System32\9A78E67AFA.sys -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2006 4:05:52 PM | Attr = RHS]
abdlofaq.exe -> C:\WINDOWS\System32\abdlofaq.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 8:05:30 AM | Attr = ]
amnmlwlm.exe -> C:\WINDOWS\System32\amnmlwlm.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/1/2006 6:33:52 PM | Attr = ]
buqxxxjj.exe -> C:\WINDOWS\System32\buqxxxjj.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/29/2006 1:02:42 PM | Attr = ]
caheeggc.exe -> C:\WINDOWS\System32\caheeggc.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 1:11:14 PM | Attr = ]
chsnxkkf.exe -> C:\WINDOWS\System32\chsnxkkf.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/30/2006 1:04:38 PM | Attr = ]
clc_my.exe -> C:\WINDOWS\System32\clc_my.exe -> [Ver = | Size = 87552 bytes | Modified Date = 11/30/2006 10:53:26 AM | Attr = ]
ClickToFindandFixErrors_4.ico -> C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico -> [Ver = | Size = 2238 bytes | Modified Date = 12/1/2006 2:52:32 PM | Attr = ]
dbckhuku.exe -> C:\WINDOWS\System32\dbckhuku.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 3:25:14 PM | Attr = ]
dkrdbgli.exe -> C:\WINDOWS\System32\dkrdbgli.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 1:35:22 PM | Attr = ]
dqydddjt.exe -> C:\WINDOWS\System32\dqydddjt.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/8/2006 11:40:40 AM | Attr = ]
duhnqept.exe -> C:\WINDOWS\System32\duhnqept.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/6/2006 8:05:26 AM | Attr = ]
emvmdycv.exe -> C:\WINDOWS\System32\emvmdycv.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/5/2006 8:04:50 AM | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 165912 bytes | Modified Date = 12/4/2006 7:56:24 AM | Attr = ]
hhkhdqyv.exe -> C:\WINDOWS\System32\hhkhdqyv.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/28/2006 1:02:24 PM | Attr = ]
iifddee.dll -> C:\WINDOWS\System32\iifddee.dll -> [Ver = | Size = 40973 bytes | Modified Date = 11/30/2006 1:49:44 PM | Attr = HS]
irfrosrd.exe -> C:\WINDOWS\System32\irfrosrd.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 1:13:58 PM | Attr = ]
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [Ver = | Size = 5852 bytes | Modified Date = 12/1/2006 4:05:54 PM | Attr = HS]
lgblog.jpg -> C:\WINDOWS\System32\lgblog.jpg -> [Ver = | Size = 18251 bytes | Modified Date = 12/12/2006 7:51:42 AM | Attr = ]
lokuivbg.exe -> C:\WINDOWS\System32\lokuivbg.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 1:11:58 PM | Attr = ]
mcrh.tmp -> C:\WINDOWS\System32\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 12/12/2006 1:02:00 PM | Attr = ]
MobileSidewalkRON_2.ico -> C:\WINDOWS\System32\MobileSidewalkRON_2.ico -> [Ver = | Size = 72566 bytes | Modified Date = 12/1/2006 10:04:14 AM | Attr = ]
mthxhmg.dll -> C:\WINDOWS\System32\mthxhmg.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/11/2006 8:42:44 AM | Attr = ]
nyrwkihu.exe -> C:\WINDOWS\System32\nyrwkihu.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 3:24:52 PM | Attr = ]
oqtss.bak1 -> C:\WINDOWS\System32\oqtss.bak1 -> [Ver = | Size = 805947 bytes | Modified Date = 11/29/2006 1:02:28 PM | Attr = HS]
oqtss.bak2 -> C:\WINDOWS\System32\oqtss.bak2 -> [Ver = | Size = 791326 bytes | Modified Date = 12/1/2006 1:02:48 PM | Attr = HS]
oqtss.ini -> C:\WINDOWS\System32\oqtss.ini -> [Ver = | Size = 837079 bytes | Modified Date = 12/1/2006 5:13:54 PM | Attr = HS]
oqucmoep.exe -> C:\WINDOWS\System32\oqucmoep.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/1/2006 1:02:50 PM | Attr = ]
pbqanxwn.exe -> C:\WINDOWS\System32\pbqanxwn.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 8:04:12 AM | Attr = ]
qmiqsdle.exe -> C:\WINDOWS\System32\qmiqsdle.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 7:59:22 AM | Attr = ]
rqimljpb.exe -> C:\WINDOWS\System32\rqimljpb.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 8:04:26 AM | Attr = ]
Status.MPF -> C:\WINDOWS\System32\Status.MPF -> [Ver = | Size = 75680 bytes | Modified Date = 12/14/2006 5:03:44 PM | Attr = ]
tpmbbyks.exe -> C:\WINDOWS\System32\tpmbbyks.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/2/2006 10:37:40 AM | Attr = ]
ukxpztl.dll -> C:\WINDOWS\System32\ukxpztl.dll -> [Ver = | Size = 71680 bytes | Modified Date = 11/30/2006 1:50:18 PM | Attr = ]
ulcnvxrq.exe -> C:\WINDOWS\System32\ulcnvxrq.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 7:47:32 AM | Attr = ]
ver.ini -> C:\WINDOWS\System32\ver.ini -> [Ver = | Size = 125 bytes | Modified Date = 12/12/2006 7:51:42 AM | Attr = ]
vxawjsih.exe -> C:\WINDOWS\System32\vxawjsih.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/27/2006 1:02:12 PM | Attr = ]
wnsapisv.exe -> C:\WINDOWS\System32\wnsapisv.exe -> [Ver = | Size = 2 bytes | Modified Date = 12/14/2006 10:07:56 AM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/14/2006 5:03:34 PM | Attr = ]
xmqxibod.exe -> C:\WINDOWS\System32\xmqxibod.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 12:00:54 PM | Attr = ]
xxyvuuu.dll -> C:\WINDOWS\System32\xxyvuuu.dll -> [Ver = | Size = 40973 bytes | Modified Date = 12/1/2006 4:22:56 PM | Attr = HS]
xyepfwrh.exe -> C:\WINDOWS\System32\xyepfwrh.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/12/2006 7:51:38 AM | Attr = ]
xyksvcxi.exe -> C:\WINDOWS\System32\xyksvcxi.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/2/2006 10:36:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 10:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 7/26/2006 2:34:02 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 7/26/2006 2:34:04 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 11:56:56 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\abdlofaq.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 8:05:30 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\amnmlwlm.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/1/2006 6:33:52 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\buqxxxjj.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/29/2006 1:02:42 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\caheeggc.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 1:11:14 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\chsnxkkf.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/30/2006 1:04:38 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\clc_my.exe -> [Ver = | Size = 87552 bytes | Modified Date = 11/30/2006 10:53:26 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\dbckhuku.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 3:25:14 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\dkrdbgli.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 1:35:22 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\dqydddjt.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/8/2006 11:40:40 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\duhnqept.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/6/2006 8:05:26 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\emvmdycv.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/5/2006 8:04:50 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\hhkhdqyv.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/28/2006 1:02:24 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\irfrosrd.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 1:13:58 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\lokuivbg.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 1:11:58 PM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\mthxhmg.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/11/2006 8:42:44 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\nyrwkihu.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 3:24:52 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\oqucmoep.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/1/2006 1:02:50 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\pbqanxwn.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 8:04:12 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\qmiqsdle.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 7:59:22 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\rqimljpb.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/4/2006 8:04:26 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 6:43:54 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\tpmbbyks.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/2/2006 10:37:40 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\ulcnvxrq.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 7:47:32 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\vxawjsih.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/27/2006 1:02:12 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 10:35:40 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\xmqxibod.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/11/2006 12:00:54 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\xyepfwrh.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/12/2006 7:51:38 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\xyksvcxi.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/2/2006 10:36:42 AM | Attr = ]

< End of report >



Sorry to be such a pain in the ass OT.

Edited by tylor, 14 December 2006 - 05:25 PM.


#14 OldTimer

OldTimer

    Malware Expert



Posted 14 December 2006 - 07:04 PM

Hi tylor. You are far from a pain in the ass! This is getting to be better than I expected :thumbsup:

The registry looks fine now. The new file scans have shown up a number of files that would never have been found before. And yes, the file scans will take more time than the original scans did.

Let's clean those up.

Open the WinPFind3u folder and start the WinPFind3u program. Copy/paste the information in the quotebox below into the program and click the Run Fix button.

When the fix is done, you should be asked to reboot your computer (if it just logs you off go ahead and reboot manually - I have to look into that). After the reboot, start WinPFind3u again, but before running the scan change to default options as follows:
  • In both the Files Created Within and Files Modified Within groups, select 30 days for each.
  • In the File String Search group, select Non-Microsoft.
Now click the Run Scan button to create the log.

Post the scan log file back here along with the latest fix log (found in the WinPFind3u folder).

Let me know how things are running.

Thanks so much for your help.

Cheers.

OT

[Kill Explorer]
[Files - Created Wihin 30 days]
NY -> system.dll -> C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\system.dll
NY -> taskmen32.pif -> C:\WINDOWS\taskmen32.pif
NY -> abdlofaq.exe -> C:\WINDOWS\System32\abdlofaq.exe
NY -> amnmlwlm.exe -> C:\WINDOWS\System32\amnmlwlm.exe
NY -> buqxxxjj.exe -> C:\WINDOWS\System32\buqxxxjj.exe
NY -> caheeggc.exe -> C:\WINDOWS\System32\caheeggc.exe
NY -> chsnxkkf.exe -> C:\WINDOWS\System32\chsnxkkf.exe
NY -> clc_my.exe -> C:\WINDOWS\System32\clc_my.exe
NY -> ClickToFindandFixErrors_4.ico -> C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico
NY -> dbckhuku.exe -> C:\WINDOWS\System32\dbckhuku.exe
NY -> dkrdbgli.exe -> C:\WINDOWS\System32\dkrdbgli.exe
NY -> dqydddjt.exe -> C:\WINDOWS\System32\dqydddjt.exe
NY -> duhnqept.exe -> C:\WINDOWS\System32\duhnqept.exe
NY -> emvmdycv.exe -> C:\WINDOWS\System32\emvmdycv.exe
NY -> hhkhdqyv.exe -> C:\WINDOWS\System32\hhkhdqyv.exe
NY -> iifddee.dll -> C:\WINDOWS\System32\iifddee.dll
NY -> irfrosrd.exe -> C:\WINDOWS\System32\irfrosrd.exe
NY -> lokuivbg.exe -> C:\WINDOWS\System32\lokuivbg.exe
NY -> mcrh.tmp -> C:\WINDOWS\System32\mcrh.tmp
NY -> MobileSidewalkRON_2.ico -> C:\WINDOWS\System32\MobileSidewalkRON_2.ico
NY -> mthxhmg.dll -> C:\WINDOWS\System32\mthxhmg.dll
NY -> nyrwkihu.exe -> C:\WINDOWS\System32\nyrwkihu.exe
NY -> oqtss.bak1 -> C:\WINDOWS\System32\oqtss.bak1
NY -> oqtss.bak2 -> C:\WINDOWS\System32\oqtss.bak2
NY -> oqtss.ini -> C:\WINDOWS\System32\oqtss.ini
NY -> oqucmoep.exe -> C:\WINDOWS\System32\oqucmoep.exe
NY -> pbqanxwn.exe -> C:\WINDOWS\System32\pbqanxwn.exe
NY -> qmiqsdle.exe -> C:\WINDOWS\System32\qmiqsdle.exe
NY -> rqimljpb.exe -> C:\WINDOWS\System32\rqimljpb.exe
NY -> tpmbbyks.exe -> C:\WINDOWS\System32\tpmbbyks.exe
NY -> ukxpztl.dll -> C:\WINDOWS\System32\ukxpztl.dll
NY -> ulcnvxrq.exe -> C:\WINDOWS\System32\ulcnvxrq.exe
NY -> vxawjsih.exe -> C:\WINDOWS\System32\vxawjsih.exe
NY -> wnsapisv.exe -> C:\WINDOWS\System32\wnsapisv.exe
NY -> xmqxibod.exe -> C:\WINDOWS\System32\xmqxibod.exe
NY -> xxyvuuu.dll -> C:\WINDOWS\System32\xxyvuuu.dll
NY -> xyepfwrh.exe -> C:\WINDOWS\System32\xyepfwrh.exe
NY -> xyksvcxi.exe -> C:\WINDOWS\System32\xyksvcxi.exe
[Files - Modified Wihin 30 days]
NY -> imsins.BAK -> C:\WINDOWS\imsins.BAK
NY -> imsins.log -> C:\WINDOWS\imsins.log
NY -> taskmen32.pif -> C:\WINDOWS\taskmen32.pif
NY -> abdlofaq.exe -> C:\WINDOWS\System32\abdlofaq.exe
NY -> amnmlwlm.exe -> C:\WINDOWS\System32\amnmlwlm.exe
NY -> buqxxxjj.exe -> C:\WINDOWS\System32\buqxxxjj.exe
NY -> caheeggc.exe -> C:\WINDOWS\System32\caheeggc.exe
NY -> chsnxkkf.exe -> C:\WINDOWS\System32\chsnxkkf.exe
NY -> clc_my.exe -> C:\WINDOWS\System32\clc_my.exe
NY -> ClickToFindandFixErrors_4.ico -> C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico
NY -> dbckhuku.exe -> C:\WINDOWS\System32\dbckhuku.exe
NY -> dkrdbgli.exe -> C:\WINDOWS\System32\dkrdbgli.exe
NY -> dqydddjt.exe -> C:\WINDOWS\System32\dqydddjt.exe
NY -> duhnqept.exe -> C:\WINDOWS\System32\duhnqept.exe
NY -> emvmdycv.exe -> C:\WINDOWS\System32\emvmdycv.exe
NY -> hhkhdqyv.exe -> C:\WINDOWS\System32\hhkhdqyv.exe
NY -> iifddee.dll -> C:\WINDOWS\System32\iifddee.dll
NY -> irfrosrd.exe -> C:\WINDOWS\System32\irfrosrd.exe
NY -> lgblog.jpg -> C:\WINDOWS\System32\lgblog.jpg
NY -> lokuivbg.exe -> C:\WINDOWS\System32\lokuivbg.exe
NY -> mcrh.tmp -> C:\WINDOWS\System32\mcrh.tmp
NY -> MobileSidewalkRON_2.ico -> C:\WINDOWS\System32\MobileSidewalkRON_2.ico
NY -> mthxhmg.dll -> C:\WINDOWS\System32\mthxhmg.dll
NY -> nyrwkihu.exe -> C:\WINDOWS\System32\nyrwkihu.exe
NY -> oqtss.bak1 -> C:\WINDOWS\System32\oqtss.bak1
NY -> oqtss.bak2 -> C:\WINDOWS\System32\oqtss.bak2
NY -> oqtss.ini -> C:\WINDOWS\System32\oqtss.ini
NY -> oqucmoep.exe -> C:\WINDOWS\System32\oqucmoep.exe
NY -> pbqanxwn.exe -> C:\WINDOWS\System32\pbqanxwn.exe
NY -> qmiqsdle.exe -> C:\WINDOWS\System32\qmiqsdle.exe
NY -> rqimljpb.exe -> C:\WINDOWS\System32\rqimljpb.exe
NY -> tpmbbyks.exe -> C:\WINDOWS\System32\tpmbbyks.exe
NY -> ukxpztl.dll -> C:\WINDOWS\System32\ukxpztl.dll
NY -> ulcnvxrq.exe -> C:\WINDOWS\System32\ulcnvxrq.exe
NY -> vxawjsih.exe -> C:\WINDOWS\System32\vxawjsih.exe
NY -> wnsapisv.exe -> C:\WINDOWS\System32\wnsapisv.exe
NY -> xmqxibod.exe -> C:\WINDOWS\System32\xmqxibod.exe
NY -> xxyvuuu.dll -> C:\WINDOWS\System32\xxyvuuu.dll
NY -> xyepfwrh.exe -> C:\WINDOWS\System32\xyepfwrh.exe
NY -> xyksvcxi.exe -> C:\WINDOWS\System32\xyksvcxi.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\abdlofaq.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\amnmlwlm.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\buqxxxjj.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\caheeggc.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\chsnxkkf.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\clc_my.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\dbckhuku.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\dkrdbgli.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\dqydddjt.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\duhnqept.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\emvmdycv.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\hhkhdqyv.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\irfrosrd.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\lokuivbg.exe
NY -> PEC2 , PECompact2 , -> C:\WINDOWS\System32\mthxhmg.dll
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\nyrwkihu.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\oqucmoep.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\pbqanxwn.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\qmiqsdle.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\rqimljpb.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\tpmbbyks.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\ulcnvxrq.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\vxawjsih.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\xmqxibod.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\xyepfwrh.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\xyksvcxi.exe
[Reboot]


Edited by OldTimer, 14 December 2006 - 07:21 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
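
The scan log in this thread shows the pattern the fix above targets: System32 binaries with no vendor or version resource, many of identical size, carrying packer strings. The following Python is an added example, not part of the thread and not WinPFind3u's own logic; it parses lines in that log format and flags such files. The function names, the marker set and the cluster threshold are assumptions.

```python
import re
from collections import defaultdict

# Lines excerpted verbatim from the WinPFind3u scan log posted in this thread.
SAMPLE_LOG = r"""
[Files - Created Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 526843904 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
abdlofaq.exe -> C:\WINDOWS\System32\abdlofaq.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/7/2006 8:05:28 AM | Attr = ]
amnmlwlm.exe -> C:\WINDOWS\System32\amnmlwlm.exe -> [Ver = | Size = 88340 bytes | Created Date = 12/1/2006 6:33:48 PM | Attr = ]
buqxxxjj.exe -> C:\WINDOWS\System32\buqxxxjj.exe -> [Ver = | Size = 88340 bytes | Created Date = 11/29/2006 1:02:38 PM | Attr = ]
clc_my.exe -> C:\WINDOWS\System32\clc_my.exe -> [Ver = | Size = 87552 bytes | Created Date = 11/30/2006 10:53:25 AM | Attr = ]
mclsp.dll -> C:\WINDOWS\System32\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Created Date = 12/1/2006 4:55:29 PM | Attr = ]
mthxhmg.dll -> C:\WINDOWS\System32\mthxhmg.dll -> [Ver = | Size = 59392 bytes | Created Date = 12/14/2006 10:07:53 AM | Attr = ]
swreg.exe -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
swsc.exe -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> C:\WINDOWS\System32\abdlofaq.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/7/2006 8:05:30 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\amnmlwlm.exe -> [Ver = | Size = 88340 bytes | Modified Date = 12/1/2006 6:33:52 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\buqxxxjj.exe -> [Ver = | Size = 88340 bytes | Modified Date = 11/29/2006 1:02:42 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\clc_my.exe -> [Ver = | Size = 87552 bytes | Modified Date = 11/30/2006 10:53:26 AM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\mthxhmg.dll -> [Ver = | Size = 59392 bytes | Modified Date = 12/11/2006 8:42:44 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 6:43:54 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr = ]
"""

# Packer strings that appear in the log's File String Scan section.
PACKER_MARKERS = {"UPX!", "UPX0", "PEC2", "PECompact2"}
EXECUTABLE_EXT = (".exe", ".dll")

# label -> path -> vendor [Ver = .. | Size = N bytes | <kind> Date = .. | Attr = ..]
LINE_RE = re.compile(
    r"^(?P<label>.*?)\s*->\s*(?P<path>[A-Za-z]:\\.*?)\s*->\s*(?P<vendor>.*?)\s*"
    r"\[Ver = (?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes \| "
    r"(?:Created|Modified) Date = (?P<date>.*?) \| Attr = (?P<attr>.*?)\]\s*$"
)


def parse_log(text):
    """Return {section_name: [entry_dict, ...]} for every parsable line."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # section header such as [Files - ...]
            continue
        match = LINE_RE.match(line)
        if match and current:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            sections[current].append(entry)
    return sections


def triage(text, min_cluster=3):
    """Map path -> reasons for binaries that deserve a manual look."""
    files, packers = {}, defaultdict(set)
    for section, entries in parse_log(text).items():
        for e in entries:
            key = e["path"].lower()
            files.setdefault(key, e)
            if section.startswith("File String Scan"):
                tokens = {t.strip() for t in e["label"].split(",")}
                packers[key] |= tokens & PACKER_MARKERS
    # Candidates: executables with neither a vendor nor a version resource.
    candidates = {k: e for k, e in files.items()
                  if k.endswith(EXECUTABLE_EXT) and not e["vendor"] and not e["ver"]}
    by_size = defaultdict(list)
    for k, e in candidates.items():
        by_size[e["size"]].append(k)
    findings = {}
    for k, e in candidates.items():
        reasons = []
        same = len(by_size[e["size"]])
        if same >= min_cluster:
            reasons.append(f"same size as {same - 1} other unversioned binaries "
                           f"({e['size']} bytes)")
        if packers[k]:
            reasons.append("packer strings: " + ", ".join(sorted(packers[k])))
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", "; ".join(reasons))
```

This is a triage aid only: swsc.exe is flagged here as well, yet it is absent from the fix list in the post above, which is the kind of call the reviewer still makes by hand.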


#15 tylor

tylor
  • Topic Starter


Posted 15 December 2006 - 01:05 PM

You can't imagine how grateful I am OT, thanks for your continued efforts to help get this off my computer.

Fix log;

Explorer killed successfully
[Files - Created Wihin 30 days]
C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\system.dll moved successfully.
C:\WINDOWS\taskmen32.pif moved successfully.
C:\WINDOWS\System32\abdlofaq.exe moved successfully.
C:\WINDOWS\System32\amnmlwlm.exe moved successfully.
C:\WINDOWS\System32\buqxxxjj.exe moved successfully.
C:\WINDOWS\System32\caheeggc.exe moved successfully.
C:\WINDOWS\System32\chsnxkkf.exe moved successfully.
C:\WINDOWS\System32\clc_my.exe moved successfully.
C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico moved successfully.
C:\WINDOWS\System32\dbckhuku.exe moved successfully.
C:\WINDOWS\System32\dkrdbgli.exe moved successfully.
C:\WINDOWS\System32\dqydddjt.exe moved successfully.
C:\WINDOWS\System32\duhnqept.exe moved successfully.
C:\WINDOWS\System32\emvmdycv.exe moved successfully.
C:\WINDOWS\System32\hhkhdqyv.exe moved successfully.
C:\WINDOWS\System32\iifddee.dll moved successfully.
C:\WINDOWS\System32\irfrosrd.exe moved successfully.
C:\WINDOWS\System32\lokuivbg.exe moved successfully.
C:\WINDOWS\System32\mcrh.tmp moved successfully.
C:\WINDOWS\System32\MobileSidewalkRON_2.ico moved successfully.
C:\WINDOWS\System32\mthxhmg.dll moved successfully.
C:\WINDOWS\System32\nyrwkihu.exe moved successfully.
C:\WINDOWS\System32\oqtss.bak1 moved successfully.
C:\WINDOWS\System32\oqtss.bak2 moved successfully.
C:\WINDOWS\System32\oqtss.ini moved successfully.
C:\WINDOWS\System32\oqucmoep.exe moved successfully.
C:\WINDOWS\System32\pbqanxwn.exe moved successfully.
C:\WINDOWS\System32\qmiqsdle.exe moved successfully.
C:\WINDOWS\System32\rqimljpb.exe moved successfully.
C:\WINDOWS\System32\tpmbbyks.exe moved successfully.
C:\WINDOWS\System32\ukxpztl.dll moved successfully.
C:\WINDOWS\System32\ulcnvxrq.exe moved successfully.
C:\WINDOWS\System32\vxawjsih.exe moved successfully.
C:\WINDOWS\System32\wnsapisv.exe moved successfully.
C:\WINDOWS\System32\xmqxibod.exe moved successfully.
C:\WINDOWS\System32\xxyvuuu.dll moved successfully.
C:\WINDOWS\System32\xyepfwrh.exe moved successfully.
C:\WINDOWS\System32\xyksvcxi.exe moved successfully.
[Files - Modified Wihin 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\imsins.log moved successfully.
File C:\WINDOWS\taskmen32.pif not found!
File C:\WINDOWS\System32\abdlofaq.exe not found!
File C:\WINDOWS\System32\amnmlwlm.exe not found!
File C:\WINDOWS\System32\buqxxxjj.exe not found!
File C:\WINDOWS\System32\caheeggc.exe not found!
File C:\WINDOWS\System32\chsnxkkf.exe not found!
File C:\WINDOWS\System32\clc_my.exe not found!
File C:\WINDOWS\System32\ClickToFindandFixErrors_4.ico not found!
File C:\WINDOWS\System32\dbckhuku.exe not found!
File C:\WINDOWS\System32\dkrdbgli.exe not found!
File C:\WINDOWS\System32\dqydddjt.exe not found!
File C:\WINDOWS\System32\duhnqept.exe not found!
File C:\WINDOWS\System32\emvmdycv.exe not found!
File C:\WINDOWS\System32\hhkhdqyv.exe not found!
File C:\WINDOWS\System32\iifddee.dll not found!
File C:\WINDOWS\System32\irfrosrd.exe not found!
C:\WINDOWS\System32\lgblog.jpg moved successfully.
File C:\WINDOWS\System32\lokuivbg.exe not found!
File C:\WINDOWS\System32\mcrh.tmp not found!
File C:\WINDOWS\System32\MobileSidewalkRON_2.ico not found!
File C:\WINDOWS\System32\mthxhmg.dll not found!
File C:\WINDOWS\System32\nyrwkihu.exe not found!
File C:\WINDOWS\System32\oqtss.bak1 not found!
File C:\WINDOWS\System32\oqtss.bak2 not found!
File C:\WINDOWS\System32\oqtss.ini not found!
File C:\WINDOWS\System32\oqucmoep.exe not found!
File C:\WINDOWS\System32\pbqanxwn.exe not found!
File C:\WINDOWS\System32\qmiqsdle.exe not found!
File C:\WINDOWS\System32\rqimljpb.exe not found!
File C:\WINDOWS\System32\tpmbbyks.exe not found!
File C:\WINDOWS\System32\ukxpztl.dll not found!
File C:\WINDOWS\System32\ulcnvxrq.exe not found!
File C:\WINDOWS\System32\vxawjsih.exe not found!
File C:\WINDOWS\System32\wnsapisv.exe not found!
File C:\WINDOWS\System32\xmqxibod.exe not found!
File C:\WINDOWS\System32\xxyvuuu.dll not found!
File C:\WINDOWS\System32\xyepfwrh.exe not found!
File C:\WINDOWS\System32\xyksvcxi.exe not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\System32\abdlofaq.exe not found!
File C:\WINDOWS\System32\amnmlwlm.exe not found!
File C:\WINDOWS\System32\buqxxxjj.exe not found!
File C:\WINDOWS\System32\caheeggc.exe not found!
File C:\WINDOWS\System32\chsnxkkf.exe not found!
File C:\WINDOWS\System32\clc_my.exe not found!
File C:\WINDOWS\System32\dbckhuku.exe not found!
File C:\WINDOWS\System32\dkrdbgli.exe not found!
File C:\WINDOWS\System32\dqydddjt.exe not found!
File C:\WINDOWS\System32\duhnqept.exe not found!
File C:\WINDOWS\System32\emvmdycv.exe not found!
File C:\WINDOWS\System32\hhkhdqyv.exe not found!
File C:\WINDOWS\System32\irfrosrd.exe not found!
File C:\WINDOWS\System32\lokuivbg.exe not found!
File C:\WINDOWS\System32\mthxhmg.dll not found!
File C:\WINDOWS\System32\nyrwkihu.exe not found!
File C:\WINDOWS\System32\oqucmoep.exe not found!
File C:\WINDOWS\System32\pbqanxwn.exe not found!
File C:\WINDOWS\System32\qmiqsdle.exe not found!
File C:\WINDOWS\System32\rqimljpb.exe not found!
File C:\WINDOWS\System32\tpmbbyks.exe not found!
File C:\WINDOWS\System32\ulcnvxrq.exe not found!
File C:\WINDOWS\System32\vxawjsih.exe not found!
File C:\WINDOWS\System32\xmqxibod.exe not found!
File C:\WINDOWS\System32\xyepfwrh.exe not found!
File C:\WINDOWS\System32\xyksvcxi.exe not found!
< End of log >
Created on 12/15/2006 08:03:30






Scan log:

WinPFind3 logfile created on: 12/15/2006 12:51:49 PM
WinPFind3U by OldTimer - Pre-Release 1e Folder = C:\Documents and Settings\Thomas\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 2:04:12 AM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 8:29:52 PM | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 4:41:08 PM | Attr = ]
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 5/1/2006 8:28:26 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/13/2005 4:41:00 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
mcagent.exe -> C:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 7:56:16 PM | Attr = ]
mcshield.exe -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 11:22:02 AM | Attr = ]
mctskshd.exe -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 4:01:04 PM | Attr = ]
mcvsescn.exe -> c:\progra~1\mcafee.com\vso\mcvsescn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Modified Date = 7/8/2005 6:16:16 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 12:49:20 PM | Attr = ]
mpfagent.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Modified Date = 11/11/2005 4:42:12 PM | Attr = ]
mpfservice.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 4:43:04 PM | Attr = ]
mpftray.exe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 5:00:56 PM | Attr = ]
mscifapp.exe -> C:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 3/30/2006 2:31:24 PM | Attr = ]
netwaiting.exe -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 10:45:26 AM | Attr = ]
oasclnt.exe -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 10:02:44 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ]
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Modified Date = 12/6/2005 10:45:14 AM | Attr = ]
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 5/1/2006 8:20:26 AM | Attr = ]
stsystra.exe -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 2:35:16 PM | Attr = ]
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 11:56:30 AM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Thomas\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 295936 bytes | Modified Date = 12/13/2006 8:29:16 PM | Attr = ]
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 5/1/2006 8:28:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 10/17/2006 10:33:06 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> c:\program files\mcafee.com\agent\mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 7:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Paused] -> c:\PROGRA~1\mcafee.com\vso\mcshield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 11:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 4:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 7:22:50 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 4:43:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 9, 0 | Size = 380928 bytes | Modified Date = 12/6/2005 10:45:26 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 5/1/2006 8:20:26 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 5/1/2006 8:22:42 AM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -> Intel® Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 5/1/2006 8:34:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 0, 9, 0 | Size = 839680 bytes | Modified Date = 12/6/2005 10:45:14 AM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 8:29:52 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 4:41:08 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 4:45:00 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/13/2005 4:44:18 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 5/1/2006 8:28:26 AM | Attr = ]
IntelZeroConfig -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 5/1/2006 8:28:06 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
MCAgentExe -> c:\PROGRA~1\mcafee.com\agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> c:\PROGRA~1\mcafee.com\agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 12:05:42 PM | Attr = ]
MPFExe -> C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 5:00:56 PM | Attr = ]
MPSExe -> c:\PROGRA~1\mcafee.com\mps\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 3/30/2006 2:31:24 PM | Attr = ]
MSKDetectorExe -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr = ]
OASClnt -> C:\Program Files\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 10:02:44 PM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ]
ShowLOMControl -> -> File not found
SigmatelSysTrayApp -> C:\WINDOWS\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 397312 bytes | Modified Date = 11/16/2005 2:35:16 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
SynTPEnh -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 761947 bytes | Modified Date = 11/29/2005 11:56:30 AM | Attr = ]
VirusScan Online -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 12:49:20 PM | Attr = ]
VSOCheckTask -> C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Modified Date = 7/8/2005 6:18:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\PROGRA~1\DELLSU~1\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 2:04:12 AM | Attr = ]
ModemOnHold -> C:\Program Files\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/13/2005 4:40:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{BC4E2A16-067E-1033-0420-0620060001} -> "C:\Program Files\Common Files\{BC4E2A16-067E-1033-0420-0620060001}\Update.exe" mc-110-12-0000272 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net/comcast.html ->
HKCU: URLSearchHooks\\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: URLSearchHooks\\{93D64C96-8952-FE88-2101-891A05C8089B} [HKLM] -> C:\WINDOWS\system32\mthxhmg.dll [Reg Data - Value does not exist] -> File not found
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> c:\program files\mcafee.com\mps\mcbrhlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Modified Date = 10/28/2005 10:30:34 AM | Attr = ]
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> c:\program files\mcafee.com\mps\popupkiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Modified Date = 10/28/2005 10:30:36 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{93D64C96-8952-FE88-2101-891A05C8089B} [HKLM] -> C:\WINDOWS\system32\mthxhmg.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8196 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> C:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.5.3598 | Size = 61440 bytes | Modified Date = 8/10/2004 10:37:28 AM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.3 29Nov05 | Size = 6135899 bytes | Modified Date = 11/29/2005 11:44:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> Reg Data - Key not found [Microsoft Url Search Hook] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4446 | Size = 147456 bytes | Modified Date = 12/13/2005 4:44:02 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> c:\progra~1\mcafee.com\vso\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 8:44:30 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 12:20:24 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{76ABD33C-B95A-4AB0-A4E9-92EEDDC9D150} -> (1394 Net Adapter) ->
{90FD9501-513E-4FEA-8DC7-8DC4128B01C8} -> 67.20.159.102,67.20.159.103 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{EC6A77D7-2FF5-4764-A389-7A44CDEECC9D} -> 67.20.159.102,67.20.159.103 (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 526843904 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 2289 bytes | Created Date = 11/22/2006 4:18:40 PM | Attr = ]
vm404.log -> C:\vm404.log -> [Ver = | Size = 2213 bytes | Created Date = 11/20/2006 1:39:33 PM | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 1244 bytes | Created Date = 12/12/2006 1:30:17 PM | Attr = ]
bdfree.msi -> C:\Program Files\Common Files\Softwin\Setup Information\{8BFFDBAB-FD81-4137-A98E-A769C828080C}\bdfree.msi -> [Ver = | Size = 11369984 bytes | Created Date = 12/7/2006 1:47:33 PM | Attr = H ]
gc404.cnf -> C:\WINDOWS\gc404.cnf -> [Ver = | Size = 41 bytes | Created Date = 11/30/2006 7:56:25 AM | Attr = ]
gsc404.cnf -> C:\WINDOWS\gsc404.cnf -> [Ver = | Size = 1779 bytes | Created Date = 11/30/2006 7:56:25 AM | Attr = ]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 14295 bytes | Created Date = 11/16/2006 11:54:37 AM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 14206 bytes | Created Date = 11/16/2006 11:54:48 AM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 13859 bytes | Created Date = 11/16/2006 11:54:45 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 582914 bytes | Created Date = 11/22/2006 4:17:02 PM | Attr = ]
popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [Ver = | Size = 16 bytes | Created Date = 11/19/2006 4:42:52 PM | Attr = ]
scf101.log -> C:\WINDOWS\scf101.log -> [Ver = | Size = 145 bytes | Created Date = 11/29/2006 1:25:24 PM | Attr = ]
sct101.log -> C:\WINDOWS\sct101.log -> [Ver = | Size = 21 bytes | Created Date = 11/29/2006 1:25:24 PM | Attr = ]
bcdr32.dll -> C:\WINDOWS\System32\bcdr32.dll -> Informatics, Inc. [Ver = 5.1.0.0 | Size = 209368 bytes | Created Date = 12/2/2006 11:18:59 AM | Attr = ]
bcxl32.dll -> C:\WINDOWS\System32\bcxl32.dll -> Informatics, Inc. [Ver = 5.1.0.0 | Size = 131552 bytes | Created Date = 12/2/2006 11:18:59 AM | Attr = ]
instlsp.exe -> C:\WINDOWS\System32\instlsp.exe -> [Ver = | Size = 32768 bytes | Created Date = 12/1/2006 4:55:28 PM | Attr = ]
mclsp.dll -> C:\WINDOWS\System32\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Created Date = 12/1/2006 4:55:29 PM | Attr = ]
mcrtl32.dll -> C:\WINDOWS\System32\mcrtl32.dll -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 90112 bytes | Created Date = 12/1/2006 4:55:34 PM | Attr = ]
MpfApi.dll -> C:\WINDOWS\System32\MpfApi.dll -> McAfee [Ver = 7.1.0.113 | Size = 9216 bytes | Created Date = 12/1/2006 5:00:35 PM | Attr = ]
SrchSTS.exe -> C:\WINDOWS\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
swreg.exe -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
swsc.exe -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 11/22/2006 4:18:27 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/8/2006 11:49:13 AM | Attr = ]
MpFirewall.sys -> C:\WINDOWS\System32\drivers\MpFirewall.sys -> McAfee [Ver = 7.1.0.113 | Size = 80640 bytes | Created Date = 12/1/2006 5:00:36 PM | Attr = ]
naiavf5x.sys -> C:\WINDOWS\System32\drivers\naiavf5x.sys -> McAfee Inc. [Ver = 11.0.0.142 | Size = 114464 bytes | Created Date = 12/1/2006 5:12:01 PM | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 526843904 bytes | Modified Date = 12/15/2006 8:04:46 AM | Attr = HS]
rapport.txt -> C:\rapport.txt -> [Ver = | Size = 2289 bytes | Modified Date = 11/22/2006 4:19:58 PM | Attr = ]
vm404.log -> C:\vm404.log -> [Ver = | Size = 2213 bytes | Modified Date = 12/1/2006 5:07:36 PM | Attr = HS]
VundoFix.txt -> C:\VundoFix.txt -> [Ver = | Size = 1244 bytes | Modified Date = 12/12/2006 1:43:56 PM | Attr = ]
ACE1Cache.lst -> C:\Program Files\Common Files\Adobe\Color\ACE1Cache.lst -> [Ver = | Size = 28555 bytes | Modified Date = 12/2/2006 9:32:16 AM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/15/2006 8:05:48 AM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/15/2006 8:04:48 AM | Attr = S]
COM+.log -> C:\WINDOWS\COM+.log -> [Ver = | Size = 4344 bytes | Modified Date = 12/2/2006 1:03:06 PM | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 161688 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 469581 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
gc404.cnf -> C:\WINDOWS\gc404.cnf -> [Ver = | Size = 41 bytes | Modified Date = 12/1/2006 12:00:26 AM | Attr = ]
gsc404.cnf -> C:\WINDOWS\gsc404.cnf -> [Ver = | Size = 1779 bytes | Modified Date = 12/1/2006 12:00:26 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 550254 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 14295 bytes | Modified Date = 11/16/2006 1:29:38 PM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 14206 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 13859 bytes | Modified Date = 11/16/2006 1:30:16 PM | Attr = ]
MedCtrOC.log -> C:\WINDOWS\MedCtrOC.log -> [Ver = | Size = 32030 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt -> [Ver = | Size = 3914 bytes | Modified Date = 12/15/2006 8:04:52 AM | Attr = ]
mozver.dat -> C:\WINDOWS\mozver.dat -> [Ver = | Size = 5895 bytes | Modified Date = 12/13/2006 1:31:22 PM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 23069 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
msmqinst.log -> C:\WINDOWS\msmqinst.log -> [Ver = | Size = 150162 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
netfxocm.log -> C:\WINDOWS\netfxocm.log -> [Ver = | Size = 79678 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 582914 bytes | Modified Date = 12/11/2006 12:57:40 PM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 97531 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 230274 bytes | Modified Date = 11/16/2006 1:30:22 PM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 25368 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 11/19/2006 4:42:54 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/8/2006 11:48:40 AM | Attr = H ]
scf101.log -> C:\WINDOWS\scf101.log -> [Ver = | Size = 145 bytes | Modified Date = 12/1/2006 10:11:50 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32632 bytes | Modified Date = 12/15/2006 8:04:12 AM | Attr = ]
sct101.log -> C:\WINDOWS\sct101.log -> [Ver = | Size = 21 bytes | Modified Date = 12/1/2006 1:14:50 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 2064 bytes | Modified Date = 12/15/2006 10:12:58 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 180271 bytes | Modified Date = 12/15/2006 10:14:18 AM | Attr = ]
tabletoc.log -> C:\WINDOWS\tabletoc.log -> [Ver = | Size = 23064 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 214866 bytes | Modified Date = 11/16/2006 1:30:24 PM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 50845 bytes | Modified Date = 11/16/2006 1:30:16 PM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/15/2006 8:04:52 AM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/15/2006 8:04:50 AM | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 486 bytes | Modified Date = 12/13/2006 1:31:20 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1531620 bytes | Modified Date = 12/15/2006 8:10:42 AM | Attr = ]
9A78E67AFA.sys -> C:\WINDOWS\System32\9A78E67AFA.sys -> [Ver = | Size = 88 bytes | Modified Date = 12/1/2006 4:05:52 PM | Attr = RHS]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 165912 bytes | Modified Date = 12/4/2006 7:56:24 AM | Attr = ]
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [Ver = | Size = 5852 bytes | Modified Date = 12/1/2006 4:05:54 PM | Attr = HS]
Status.MPF -> C:\WINDOWS\System32\Status.MPF -> [Ver = | Size = 75680 bytes | Modified Date = 12/15/2006 8:07:50 AM | Attr = ]
ver.ini -> C:\WINDOWS\System32\ver.ini -> [Ver = | Size = 125 bytes | Modified Date = 12/12/2006 7:51:42 AM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/15/2006 8:07:40 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 10:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 7/26/2006 2:34:02 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4482680 bytes | Modified Date = 7/26/2006 2:34:04 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 11:56:56 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 6:43:54 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 10:35:40 AM | Attr = ]

< End of report >



:thumbsup:



