
Lzx32.sys Problems, Cant Do Anything : /


14 replies to this topic

#1 Caelitis

Posted 14 December 2006 - 07:40 PM

My brother's computer is in a state of distress. Running in normal mode causes him to get a BSOD after about 2 minutes, because of a STOP: 0x0000008E error, saying something about lzx32.sys. I looked this up, and found out that it's a trojan, and did some things to try and remove it. I can't run Norton, which I downloaded from the Symantec website, because I have to install it while in normal mode, and again, I get a BSOD after about two minutes. I've fixed his computer before from minor stuff like adware and spyware, but I think I'm in over my head this time :thumbsup:

Anyways, getting to the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:17:42 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Alex!\Desktop\Autoruns\autoruns.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Alex!\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {ED85C7C3-7A59-008F-7184-0445727873E0} - C:\WINDOWS\system32\sxr.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll
O2 - BHO: (no name) - {ED85C7C3-7A59-008F-7184-0445727873E0} - C:\WINDOWS\system32\sxr.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [emwc394c] RUNDLL32.EXE w004605c.dll,n 002c394a00000003004605c
O4 - HKLM\..\Run: [w0047ee1.dll] RUNDLL32.EXE w0047ee1.dll,I2 002c394a00047ee1
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pstorec] C:\WINDOWS\system32\pstorec.exe
O4 - HKCU\..\Run: [ipsmsnap] C:\WINDOWS\system32\ipsmsnap.exe
O4 - HKCU\..\Run: [wpic] "C:\WINDOWS\system32\wpic.exe"
O4 - HKCU\..\Run: [cryptsvc] C:\WINDOWS\system32\cryptsvc.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Ugu] C:\Program Files\?icrosoft\?srss.exe
O4 - HKCU\..\Run: [deskperf] C:\WINDOWS\system32\deskperf.exe
O4 - HKCU\..\Run: [qosname] C:\WINDOWS\system32\qosname.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ccfgnt.exe - Unknown owner - C:\WINDOWS\system32\ccfgnt.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fxsres.exe - Unknown owner - C:\WINDOWS\system32\fxsres.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: msports.exe - Unknown owner - C:\WINDOWS\system32\msports.exe (file missing)
O23 - Service: netman.exe - Unknown owner - C:\WINDOWS\system32\netman.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec PIF Service (pifService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks a bundle in advance for any help you can offer!
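The log above is in HijackThis v1.99 line format, and most of the items an analyst would question can be spotted mechanically: service entries whose file is missing or whose owner is unknown, services named after a bare executable, rundll32 entries that load a DLL by name only, per-user Run keys launching binaries out of system32, paths containing characters HijackThis could not render (the `?` in `?icrosoft\?srss.exe`), and BHOs registered with no name. The following Python script is an added example and is not code from this thread or from the HijackThis or WinPFind3U tools; the sample lines are constructed to mirror the kinds of entries seen above, and the review heuristics are the author's own triage rules, not HijackThis's detection logic.

```python
import re

# Constructed sample in HijackThis v1.99 line format, modelled on the kinds of
# entries that appear in the posted log (this is not the full posted log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {ED85C7C3-7A59-008F-7184-0445727873E0} - C:\WINDOWS\system32\sxr.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [emwc394c] RUNDLL32.EXE w004605c.dll,n 002c394a00000003004605c
O4 - HKCU\..\Run: [cryptsvc] C:\WINDOWS\system32\cryptsvc.exe
O4 - HKCU\..\Run: [Ugu] C:\Program Files\?icrosoft\?srss.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: msports.exe - Unknown owner - C:\WINDOWS\system32\msports.exe (file missing)
O23 - Service: netman.exe - Unknown owner - C:\WINDOWS\system32\netman.exe
"""

# Line shapes for the three entry types this triage looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def path_flags(text):
    """Checks that apply to any path or command line in the log."""
    flags = []
    if "?" in text:
        flags.append("path contains characters HijackThis could not render (shown as '?')")
    return flags


def check_run_entry(hive, cmd):
    """Heuristics for O4 (Run key) entries; hive is 'HKLM' or 'HKCU'."""
    flags = path_flags(cmd)
    tokens = cmd.split()
    if tokens and tokens[0].upper().startswith("RUNDLL32"):
        dll = tokens[1].split(",")[0] if len(tokens) > 1 else ""
        if "\\" not in dll and ":" not in dll:
            flags.append("rundll32 loads a DLL by bare name, resolved through the DLL search path")
    if hive == "HKCU" and "\\system32\\" in cmd.lower():
        flags.append("per-user Run entry launches a binary from system32")
    return flags


def check_service_entry(name, owner, path):
    """Heuristics for O23 (service) entries."""
    flags = path_flags(path)
    if path.endswith("(file missing)"):
        flags.append("service points at a file that no longer exists (orphaned entry)")
    elif owner == "Unknown owner":
        flags.append("service binary carries no vendor information")
    if name.lower().endswith(".exe"):
        flags.append("service is named after its executable instead of a display name")
    return flags


def check_bho_entry(name, path):
    """Heuristics for O2 (browser helper object) entries."""
    flags = path_flags(path)
    if name == "(no name)":
        flags.append("browser helper object registered without a name")
    return flags


def triage(log_text):
    """Return [(line, [reasons])] for every line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            flags = check_run_entry(m["hive"], m["cmd"])
        elif m := O23_RE.match(line):
            flags = check_service_entry(m["name"], m["owner"], m["path"])
        elif m := O2_RE.match(line):
            flags = check_bho_entry(m["name"], m["path"])
        else:
            continue  # other HijackThis sections are not covered by this example
        if flags:
            findings.append((line, flags))
    return findings


if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LOG):
        print(line)
        for reason in flags:
            print("   -", reason)
```

Run against the constructed sample, six of the eight lines are flagged; the Apoint and Intel EvtEng entries pass clean. A flag is a prompt to verify the file (vendor signature, hash lookup, creation date), not a verdict: orphaned "(file missing)" services are common leftovers from uninstalled software, while an unnamed BHO in system32 or a `?`-laden path deserves a closer look.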

#2 OldTimer (Malware Expert)

Posted 14 December 2006 - 08:11 PM

Hello Caelitis and welcome to the BC HijackThis forum. After reviewing your log I see a few items that we should take care of. Please follow the directions below.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 Caelitis (Topic Starter)

Posted 14 December 2006 - 08:27 PM

Here's the results!

WinPFind3 logfile created on: 12/14/2006 8:18:56 PM
WinPFind3U by OldTimer - Pre-Release 1f Folder = C:\Documents and Settings\Alex!\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.8: 2006102516 | Size = 7191149 bytes | Modified Date = 11/9/2006 7:14:46 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Alex!\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 296448 bytes | Modified Date = 12/14/2006 7:35:30 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(ccfgnt.exe) ccfgnt.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\ccfgnt.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr = ]
(fxsres.exe) fxsres.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\fxsres.exe -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(MsaSvc) Microsoft authenticate service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\msasvc.exe -> [Ver = | Size = 3584 bytes | Modified Date = 12/14/2006 2:45:26 PM | Attr = ]
(msports.exe) msports.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\msports.exe -> File not found
(netman.exe) netman.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\netman.exe -> [Ver = | Size = 35591 bytes | Modified Date = 8/15/2005 8:02:04 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Stopped] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 9:53:18 AM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 5/25/2006 5:07:50 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr = ]
(pifService) Symantec PIF Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(RegSrvc) RegSrvc [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Apoint -> C:\Program Files\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
Corel Photo Downloader -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 12:06:18 PM | Attr = ]
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 9/1/2005 6:24:08 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 5:19:56 PM | Attr = ]
emwc394c -> w004605c.DLL [RUNDLL32.EXE w004605c.dll,n 002c394a00000003004605c] -> File not found
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 3:59:54 PM | Attr = ]
IpWins -> C:\Program Files\ipwins\ipwins.exe -> [Ver = | Size = 60928 bytes | Modified Date = 9/29/2006 10:46:08 AM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 4:24:14 PM | Attr = ]
KernelFaultCheck -> -> File not found
nmapp -> C:\Program Files\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/11/2006 6:35:32 PM | Attr = ]
RealTray -> C:\Program Files\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/21/2005 2:01:28 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
w0047ee1.dll -> w0047ee1.DLL [RUNDLL32.EXE w0047ee1.dll,I2 002c394a00047ee1] -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cryptsvc -> C:\WINDOWS\system32\cryptsvc.exe -> [Ver = | Size = 35591 bytes | Modified Date = 8/15/2005 8:02:04 PM | Attr = ]
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 3:04:12 AM | Attr = ]
deskperf -> C:\WINDOWS\system32\deskperf.exe -> [Ver = | Size = 35591 bytes | Modified Date = 8/15/2005 8:02:04 PM | Attr = ]
ipsmsnap -> C:\WINDOWS\system32\ipsmsnap.exe -> [Ver = | Size = 67610 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
pstorec -> C:\WINDOWS\system32\pstorec.exe -> [Ver = | Size = 68636 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
qosname -> C:\WINDOWS\system32\qosname.exe -> [Ver = | Size = 35591 bytes | Modified Date = 8/15/2005 8:02:04 PM | Attr = ]
Uaol -> C:\Program Files\Common Files\W?nSxS\ati2evxx.exe -> File not found
Ugu -> C:\Program Files\?icrosoft\?srss.exe -> File not found
wpic -> C:\WINDOWS\system32\wpic.exe -> [Ver = | Size = 80926 bytes | Modified Date = 11/26/2006 10:44:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{D4DF9B53-0850-1033-0928-051114200001} -> "C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\Update.exe" mc-110-12-0000797 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.msn.com ->
HKCU: URLSearchHooks\\{ED85C7C3-7A59-008F-7184-0445727873E0} [HKLM] -> C:\WINDOWS\system32\sxr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 58880 bytes | Modified Date = 12/11/2006 8:44:28 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{C004DEC2-2623-438e-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar] -> [Ver = 1, 0, 0, 1 | Size = 99328 bytes | Modified Date = 11/26/2006 10:44:50 PM | Attr = ]
{ED85C7C3-7A59-008F-7184-0445727873E0} [HKLM] -> C:\WINDOWS\system32\sxr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 58880 bytes | Modified Date = 12/11/2006 8:44:28 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{C004DEC2-2623-438e-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar] -> [Ver = 1, 0, 0, 1 | Size = 99328 bytes | Modified Date = 11/26/2006 10:44:50 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar] -> [Ver = 1, 0, 0, 1 | Size = 99328 bytes | Modified Date = 11/26/2006 10:44:50 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Infotip Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3B092F0C-7696-40E3-A80F-68D74DA84210} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Thumbnail Viewer] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
{63542C48-9552-494A-84F7-73AA6A7C99C1} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Property Sheet Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit, Inc. [Ver = 15.0D R2 | Size = 212992 bytes | Modified Date = 11/11/2004 1:19:34 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 102400 bytes | Modified Date = 6/14/2006 4:35:34 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Column Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 147456 bytes | Modified Date = 10/14/2005 2:49:30 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [Reg Data - Value does not exist] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{11F3F9B8-9CFA-4533-8783-59E229C788D5} -> (1394 Net Adapter) ->
{299D5734-7CFC-4197-82CF-373DBACB2B47} -> (Broadcom 440x 10/100 Integrated Controller) ->
{6C5AD9DC-6096-480D-931E-AB7CFDFA4088} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> C:\Program Files\Common Files\Pure Networks Shared\puresp.dll -> Pure Networks, Inc. [Ver = 1.1.6174.2 | Size = 58960 bytes | Modified Date = 6/23/2006 9:10:36 PM | Attr = ]


[Files - Created Wihin 30 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Created Date = 12/14/2006 6:16:09 PM | Attr = ]
Yazzle1122OinUninstaller.exe -> C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> [Ver = | Size = 93633 bytes | Created Date = 11/27/2006 5:48:28 PM | Attr = HS]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 18531 bytes | Created Date = 11/17/2006 7:19:05 AM | Attr = ]
KB922760.log -> C:\WINDOWS\KB922760.log -> [Ver = | Size = 32837 bytes | Created Date = 11/16/2006 7:42:29 PM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 15658 bytes | Created Date = 12/13/2006 3:20:22 PM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 17770 bytes | Created Date = 11/17/2006 7:19:32 AM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 17394 bytes | Created Date = 11/17/2006 7:19:27 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 25242 bytes | Created Date = 12/13/2006 3:20:54 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 15577 bytes | Created Date = 12/13/2006 3:20:46 PM | Attr = ]
1.exe -> C:\WINDOWS\System32\1.exe -> [Ver = | Size = 81920 bytes | Created Date = 12/14/2006 3:20:03 PM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 2:45:10 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 3:19:58 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 6:03:40 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Created Date = 11/26/2006 10:41:15 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 4:56:05 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 5:03:06 PM | Attr = ]
CUAO.exe -> C:\WINDOWS\System32\CUAO.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 4:59:29 PM | Attr = ]
EMDF.exe -> C:\WINDOWS\System32\EMDF.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 5:02:47 PM | Attr = ]
HEOI.exe -> C:\WINDOWS\System32\HEOI.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 5:11:28 PM | Attr = ]
install.exe -> C:\WINDOWS\System32\install.exe -> [Ver = | Size = 73728 bytes | Created Date = 11/26/2006 10:44:44 PM | Attr = ]
MJUN.exe -> C:\WINDOWS\System32\MJUN.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/26/2006 10:44:43 PM | Attr = ]
msasvc.exe -> C:\WINDOWS\System32\msasvc.exe -> [Ver = | Size = 3584 bytes | Created Date = 11/26/2006 10:44:49 PM | Attr = ]
ODIP.exe -> C:\WINDOWS\System32\ODIP.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 4:56:53 PM | Attr = ]
OUFJ.exe -> C:\WINDOWS\System32\OUFJ.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 5:08:57 PM | Attr = ]
sxr.dll -> C:\WINDOWS\System32\sxr.dll -> [Ver = | Size = 58880 bytes | Created Date = 12/13/2006 7:35:19 PM | Attr = ]
t3st.bmp -> C:\WINDOWS\System32\t3st.bmp -> [Ver = | Size = 8704 bytes | Created Date = 11/26/2006 10:44:42 PM | Attr = ]
UMFB.exe -> C:\WINDOWS\System32\UMFB.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/28/2006 4:56:00 PM | Attr = ]
vv815.exe -> C:\WINDOWS\System32\vv815.exe -> ;3r;r3;rew; [Ver = 1.00.0004 | Size = 28672 bytes | Created Date = 11/26/2006 10:44:39 PM | Attr = ]
wefgar.exe -> C:\WINDOWS\System32\wefgar.exe -> [Ver = | Size = 0 bytes | Created Date = 12/14/2006 3:20:05 PM | Attr = ]
wiuqcp.exe -> C:\WINDOWS\System32\wiuqcp.exe -> [Ver = | Size = 81949 bytes | Created Date = 12/14/2006 6:03:45 PM | Attr = ]
wnxli.exe -> C:\WINDOWS\System32\wnxli.exe -> [Ver = | Size = 0 bytes | Created Date = 12/14/2006 2:45:22 PM | Attr = ]
wpic.exe -> C:\WINDOWS\System32\wpic.exe -> [Ver = | Size = 80926 bytes | Created Date = 11/26/2006 10:44:41 PM | Attr = ]
wtssvit.exe -> C:\WINDOWS\System32\wtssvit.exe -> [Ver = | Size = 2 bytes | Created Date = 11/27/2006 5:48:54 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/14/2006 7:10:13 PM | Attr = ]

[Files - Modified Wihin 30 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Modified Date = 12/14/2006 6:16:10 PM | Attr = ]
Yazzle1122OinUninstaller.exe -> C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> [Ver = | Size = 93633 bytes | Modified Date = 11/27/2006 5:49:04 PM | Attr = HS]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/14/2006 6:58:52 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/14/2006 6:58:34 PM | Attr = S]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 45338 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
ehOCGen.log -> C:\WINDOWS\ehOCGen.log -> [Ver = | Size = 7611 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 136999 bytes | Modified Date = 11/18/2006 6:59:10 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 146799 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11/18/2006 6:58:16 AM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
KB920213.log -> C:\WINDOWS\KB920213.log -> [Ver = | Size = 18531 bytes | Modified Date = 11/18/2006 6:55:12 AM | Attr = ]
KB922760.log -> C:\WINDOWS\KB922760.log -> [Ver = | Size = 32837 bytes | Modified Date = 11/18/2006 6:54:52 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 15658 bytes | Modified Date = 12/13/2006 3:21:26 PM | Attr = ]
KB923980.log -> C:\WINDOWS\KB923980.log -> [Ver = | Size = 17770 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
KB924270.log -> C:\WINDOWS\KB924270.log -> [Ver = | Size = 17394 bytes | Modified Date = 11/18/2006 6:58:16 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 25242 bytes | Modified Date = 12/13/2006 3:58:52 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 15577 bytes | Modified Date = 12/13/2006 3:21:28 PM | Attr = ]
MedCtrOC.log -> C:\WINDOWS\MedCtrOC.log -> [Ver = | Size = 9757 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
ModemLog_Conexant D110 MDC V.9x Modem.txt -> C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt -> [Ver = | Size = 3844 bytes | Modified Date = 12/14/2006 6:55:44 PM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 6968 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
msmqinst.log -> C:\WINDOWS\msmqinst.log -> [Ver = | Size = 41358 bytes | Modified Date = 11/18/2006 6:58:44 AM | Attr = ]
netfxocm.log -> C:\WINDOWS\netfxocm.log -> [Ver = | Size = 24335 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 532636 bytes | Modified Date = 12/14/2006 6:58:50 PM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 27792 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 67012 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 7651 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
plusoc.log -> C:\WINDOWS\plusoc.log -> [Ver = | Size = 16091 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 6246 bytes | Modified Date = 11/18/2006 7:05:12 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 103413 bytes | Modified Date = 12/14/2006 7:10:10 PM | Attr = ]
tabletoc.log -> C:\WINDOWS\tabletoc.log -> [Ver = | Size = 6842 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 63832 bytes | Modified Date = 11/18/2006 6:59:12 AM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 8093 bytes | Modified Date = 11/18/2006 6:57:42 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/14/2006 6:55:46 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/14/2006 6:55:42 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1789885 bytes | Modified Date = 12/14/2006 6:55:38 PM | Attr = ]
1.exe -> C:\WINDOWS\System32\1.exe -> [Ver = | Size = 81920 bytes | Modified Date = 12/14/2006 6:03:46 PM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 2:45:12 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 3:20:00 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 6:03:42 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2006 10:41:16 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 4:56:06 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 5:03:08 PM | Attr = ]
CUAO.exe -> C:\WINDOWS\System32\CUAO.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 4:59:30 PM | Attr = ]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 12/14/2006 3:29:12 PM | Attr = ]
EMDF.exe -> C:\WINDOWS\System32\EMDF.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 5:02:48 PM | Attr = ]
HEOI.exe -> C:\WINDOWS\System32\HEOI.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 5:11:30 PM | Attr = ]
install.exe -> C:\WINDOWS\System32\install.exe -> [Ver = | Size = 73728 bytes | Modified Date = 12/14/2006 6:03:46 PM | Attr = ]
MJUN.exe -> C:\WINDOWS\System32\MJUN.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/26/2006 10:44:44 PM | Attr = ]
msasvc.exe -> C:\WINDOWS\System32\msasvc.exe -> [Ver = | Size = 3584 bytes | Modified Date = 12/14/2006 2:45:26 PM | Attr = ]
ODIP.exe -> C:\WINDOWS\System32\ODIP.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 4:56:54 PM | Attr = ]
OUFJ.exe -> C:\WINDOWS\System32\OUFJ.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 5:08:58 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
sxr.dll -> C:\WINDOWS\System32\sxr.dll -> [Ver = | Size = 58880 bytes | Modified Date = 12/11/2006 8:44:28 AM | Attr = ]
t3st.bmp -> C:\WINDOWS\System32\t3st.bmp -> [Ver = | Size = 8704 bytes | Modified Date = 11/28/2006 5:11:20 PM | Attr = ]
UMFB.exe -> C:\WINDOWS\System32\UMFB.exe -> [Ver = | Size = 18432 bytes | Modified Date = 11/28/2006 4:56:02 PM | Attr = ]
vv815.exe -> C:\WINDOWS\System32\vv815.exe -> ;3r;r3;rew; [Ver = 1.00.0004 | Size = 28672 bytes | Modified Date = 12/14/2006 3:20:10 PM | Attr = ]
wefgar.exe -> C:\WINDOWS\System32\wefgar.exe -> [Ver = | Size = 0 bytes | Modified Date = 12/14/2006 3:20:06 PM | Attr = ]
wiuqcp.exe -> C:\WINDOWS\System32\wiuqcp.exe -> [Ver = | Size = 81949 bytes | Modified Date = 12/14/2006 6:03:48 PM | Attr = ]
wnxli.exe -> C:\WINDOWS\System32\wnxli.exe -> [Ver = | Size = 0 bytes | Modified Date = 12/14/2006 2:45:24 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/14/2006 6:59:06 PM | Attr = ]
wpic.exe -> C:\WINDOWS\System32\wpic.exe -> [Ver = | Size = 80926 bytes | Modified Date = 11/26/2006 10:44:44 PM | Attr = ]
wtssvit.exe -> C:\WINDOWS\System32\wtssvit.exe -> [Ver = | Size = 2 bytes | Modified Date = 12/13/2006 7:35:30 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/14/2006 7:10:16 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> [Ver = | Size = 153600 bytes | Modified Date = 8/16/2006 3:08:58 PM | Attr = HS]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\SR_FedEx_PLS.exe -> Z-Firm LLC [Ver = 2.0.0.362 | Size = 1179816 bytes | Modified Date = 10/7/2004 5:53:44 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\ZRush_ShipRush3_QB.ocx -> Z-Firm LLC [Ver = 3.0.0.477 | Size = 3425960 bytes | Modified Date = 7/30/2004 4:29:06 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 11:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 4:22:10 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 12:56:56 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\emwc394c.dll -> [Ver = | Size = 61952 bytes | Modified Date = 8/8/2006 4:44:28 PM | Attr = ]
WinShutDown , -> C:\WINDOWS\System32\redist.dll -> [Ver = 1.0.1.1 | Size = 159744 bytes | Modified Date = 8/8/2006 4:44:16 PM | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\System32\redistributor.exe -> [Ver = 1.0.1.1 | Size = 126464 bytes | Modified Date = 8/8/2006 4:44:16 PM | Attr = ]
PEC2 , PECompact2 , -> C:\WINDOWS\System32\sxr.dll -> [Ver = | Size = 58880 bytes | Modified Date = 12/11/2006 8:44:28 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 11:35:40 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]

< End of report >

#4 OldTimer

  • Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 14 December 2006 - 09:33 PM

Hi Caelitis. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

For this step you might not be able to install AVG Anti-Spyware in Safe Mode. If not, wait until after the fix and then try to boot to normal mode and install it. Let me know what happens.

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Win32 Services - Non-Microsoft Only]
YY -> (ccfgnt.exe) ccfgnt.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\ccfgnt.exe
YY -> (fxsres.exe) fxsres.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\fxsres.exe
YY -> (MsaSvc) Microsoft authenticate service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\msasvc.exe
YY -> (msports.exe) msports.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\msports.exe
YY -> (netman.exe) netman.exe [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\netman.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> emwc394c -> w004605c.DLL [RUNDLL32.EXE w004605c.dll,n 002c394a00000003004605c]
YY -> IpWins -> C:\Program Files\ipwins\ipwins.exe
YN -> w0047ee1.dll -> w0047ee1.DLL [RUNDLL32.EXE w0047ee1.dll,I2 002c394a00047ee1]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> cryptsvc -> C:\WINDOWS\system32\cryptsvc.exe
YY -> deskperf -> C:\WINDOWS\system32\deskperf.exe
YY -> ipsmsnap -> C:\WINDOWS\system32\ipsmsnap.exe
YY -> pstorec -> C:\WINDOWS\system32\pstorec.exe
YY -> qosname -> C:\WINDOWS\system32\qosname.exe
YN -> Uaol -> C:\Program Files\Common Files\W?nSxS\ati2evxx.exe
YN -> Ugu -> C:\Program Files\?icrosoft\?srss.exe
YY -> wpic -> C:\WINDOWS\system32\wpic.exe
< Internet Explorer Settings > ->
YY -> HKCU: URLSearchHooks\\{ED85C7C3-7A59-008F-7184-0445727873E0} [HKLM] -> C:\WINDOWS\system32\sxr.dll [Reg Data - Value does not exist]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {C004DEC2-2623-438e-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar]
YY -> {ED85C7C3-7A59-008F-7184-0445727873E0} [HKLM] -> C:\WINDOWS\system32\sxr.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {C004DEC2-2623-438e-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll [888Bar]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar]
[Files - Created Wihin 30 days]
NY -> 1.exe -> C:\WINDOWS\System32\1.exe
NY -> CUAO.exe -> C:\WINDOWS\System32\CUAO.exe
NY -> EMDF.exe -> C:\WINDOWS\System32\EMDF.exe
NY -> HEOI.exe -> C:\WINDOWS\System32\HEOI.exe
NY -> install.exe -> C:\WINDOWS\System32\install.exe
NY -> MJUN.exe -> C:\WINDOWS\System32\MJUN.exe
NY -> msasvc.exe -> C:\WINDOWS\System32\msasvc.exe
NY -> ODIP.exe -> C:\WINDOWS\System32\ODIP.exe
NY -> OUFJ.exe -> C:\WINDOWS\System32\OUFJ.exe
NY -> sxr.dll -> C:\WINDOWS\System32\sxr.dll
NY -> t3st.bmp -> C:\WINDOWS\System32\t3st.bmp
NY -> UMFB.exe -> C:\WINDOWS\System32\UMFB.exe
NY -> vv815.exe -> C:\WINDOWS\System32\vv815.exe
NY -> wefgar.exe -> C:\WINDOWS\System32\wefgar.exe
NY -> wiuqcp.exe -> C:\WINDOWS\System32\wiuqcp.exe
NY -> wnxli.exe -> C:\WINDOWS\System32\wnxli.exe
NY -> wpic.exe -> C:\WINDOWS\System32\wpic.exe
NY -> wtssvit.exe -> C:\WINDOWS\System32\wtssvit.exe
[Files - Modified Wihin 30 days]
NY -> Yazzle1122OinUninstaller.exe -> C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
NY -> 1.exe -> C:\WINDOWS\System32\1.exe
NY -> CUAO.exe -> C:\WINDOWS\System32\CUAO.exe
NY -> EMDF.exe -> C:\WINDOWS\System32\EMDF.exe
NY -> HEOI.exe -> C:\WINDOWS\System32\HEOI.exe
NY -> MJUN.exe -> C:\WINDOWS\System32\MJUN.exe
NY -> msasvc.exe -> C:\WINDOWS\System32\msasvc.exe
NY -> ODIP.exe -> C:\WINDOWS\System32\ODIP.exe
NY -> OUFJ.exe -> C:\WINDOWS\System32\OUFJ.exe
NY -> sxr.dll -> C:\WINDOWS\System32\sxr.dll
NY -> UMFB.exe -> C:\WINDOWS\System32\UMFB.exe
NY -> vv815.exe -> C:\WINDOWS\System32\vv815.exe
NY -> wefgar.exe -> C:\WINDOWS\System32\wefgar.exe
NY -> wiuqcp.exe -> C:\WINDOWS\System32\wiuqcp.exe
NY -> wnxli.exe -> C:\WINDOWS\System32\wnxli.exe
NY -> wpic.exe -> C:\WINDOWS\System32\wpic.exe
NY -> wtssvit.exe -> C:\WINDOWS\System32\wtssvit.exe
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
NY -> UPX! , UPX0 , -> C:\WINDOWS\System32\emwc394c.dll
NY -> PEC2 , PECompact2 , -> C:\WINDOWS\System32\sxr.dll
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #6

Please post the following logs/reports back here so I can review them:
  • A new WinPFind3u log
  • The log from the AVG Anti-Spyware scan
  • In the WinPFind3u folder will be a log file that begins with the date the fix was run (i.e. mmddyy_hhmmss.log).
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


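A triage pass over file entries in the format WinPFind3U prints, as an added example for this thread (it is not WinPFind3U's code and not OldTimer's). It parses the `name -> path -> [Ver = | Size = | Created/Modified Date = | Attr = ]` lines and flags the kinds of indicators that stand out in the log above and that the fix list picks out: executables far too small to be a valid PE image (the 0-, 2- and 6-byte .exe files), four-uppercase-letter or date-pattern names with no version information in System32, a `?` in a path (`?` is not legal in a Windows file name, so its appearance in `W?nSxS` and `?icrosoft` means the tool substituted it for a non-ASCII character in a lookalike folder name), executables with the hidden+system attributes, and three or more files created in the same directory within the same minute, which is what a dropper leaves behind. The sample lines are constructed: the first seven copy entries from the logs in this thread, while the size and date on the `ati2evxx.exe` line are made up; the 256-byte `MIN_PE_SIZE` threshold is an assumption chosen to sit far below any real PE image.

```python
"""Triage of WinPFind3U-style file entries (added example, not the tool's code)."""
import re
from collections import defaultdict
from datetime import datetime

# Entry format as printed in the thread's log (Created Date in one section,
# Modified Date in the other):
#   name -> C:\full\path -> [Company ][Ver = v | Size = N bytes | Created Date = d | Attr = a]
LINE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>[A-Za-z]:\\.+?) -> (?P<company>.*?)"
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"(?:Created|Modified) Date = (?P<date>[^|]*)\| Attr = (?P<attr>[^\]]*)\]$"
)

PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
RANDOM_NAME = re.compile(r"^[A-Z]{4}\.exe$")               # CUAO.exe, MJUN.exe, ...
DATE_NAME = re.compile(r"^\d{2}-\d{2}-\d{2}\.(exe|dat)$")  # 28-11-15.exe, 14-12-14.dat
MIN_PE_SIZE = 256  # assumption: a threshold well below any real PE image


def parse_line(line):
    """Return a dict for one file entry, or None when the line is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["company"] = e["company"].strip()
    e["ver"] = e["ver"].strip()
    e["attr"] = e["attr"].strip()
    e["size"] = int(e["size"])
    e["date"] = datetime.strptime(e["date"].strip(), "%m/%d/%Y %I:%M:%S %p")
    return e


def flags_for(e):
    """Per-file indicators; each string is one reason the entry looks wrong."""
    name, path, low = e["name"], e["path"], e["name"].lower()
    in_system32 = "\\system32\\" in path.lower()
    reasons = []
    if low.endswith(PE_EXT) and e["size"] < MIN_PE_SIZE:
        reasons.append("executable too small to be a valid PE image")
    if in_system32 and not e["company"] and not e["ver"]:
        if RANDOM_NAME.match(name):
            reasons.append("random four-letter name with no version info in System32")
        if DATE_NAME.match(low):
            reasons.append("date-pattern name in System32")
    if "?" in path:  # '?' is illegal in a Windows path: the tool substituted a non-ASCII char
        reasons.append("non-ASCII character in path (lookalike of a system folder)")
    if low.endswith(PE_EXT) and "H" in e["attr"] and "S" in e["attr"]:
        reasons.append("executable marked hidden+system")
    return reasons


def triage(lines):
    """Map path -> reasons for every entry that trips a check. Besides the
    per-file checks, three or more files created in the same directory in
    the same minute are reported as a drop cluster."""
    entries = [e for e in map(parse_line, lines) if e]
    result = {e["path"]: flags_for(e) for e in entries}
    clusters = defaultdict(set)
    for e in entries:
        key = (e["path"].rsplit("\\", 1)[0].lower(), e["date"].replace(second=0))
        clusters[key].add(e["path"])
    for paths in clusters.values():
        if len(paths) >= 3:
            for p in paths:
                result[p].append(f"part of a {len(paths)}-file drop cluster")
    return {p: r for p, r in result.items() if r}


# Constructed sample: the first seven lines copy entries from the logs in this
# thread; the ati2evxx.exe size and date are made up.
SAMPLE = r"""
install.exe -> C:\WINDOWS\System32\install.exe -> [Ver = | Size = 73728 bytes | Created Date = 11/26/2006 10:44:44 PM | Attr = ]
MJUN.exe -> C:\WINDOWS\System32\MJUN.exe -> [Ver = | Size = 18432 bytes | Created Date = 11/26/2006 10:44:43 PM | Attr = ]
msasvc.exe -> C:\WINDOWS\System32\msasvc.exe -> [Ver = | Size = 3584 bytes | Created Date = 11/26/2006 10:44:49 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 4:56:05 PM | Attr = ]
wtssvit.exe -> C:\WINDOWS\System32\wtssvit.exe -> [Ver = | Size = 2 bytes | Created Date = 11/27/2006 5:48:54 PM | Attr = ]
Yazzle1122OinUninstaller.exe -> C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> [Ver = | Size = 93633 bytes | Created Date = 11/27/2006 5:48:28 PM | Attr = HS]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
ati2evxx.exe -> C:\Program Files\Common Files\W?nSxS\ati2evxx.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/13/2006 7:35:19 PM | Attr = ]
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it on a saved WinPFind3U log with `triage(open("log.txt").read().splitlines())`; lines that are not file entries (section headers, registry entries, `< End of report >`) are skipped by `parse_line`. The checks are heuristics for an analyst's eye, not a verdict: a legitimate installer can create several files in one minute, so the cluster flag is there to draw attention to the group, and the name-pattern checks only fire when the file also lacks company and version information, which the signed vendor binaries in the same log all carry.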
#5 Caelitis

  • Topic Starter
  • Members
  • 12 posts

Posted 15 December 2006 - 07:40 PM

Sorry for the long wait to reply; had stuff going on. Without much ado, here are the logs:

WinPFind3u:
WinPFind3 logfile created on: 12/15/2006 6:51:06 PM
WinPFind3U by OldTimer - Pre-Release 1f Folder = C:\Documents and Settings\Alex!\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
avgas.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Alex!\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 296448 bytes | Modified Date = 12/14/2006 7:35:30 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Stopped] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 9:53:18 AM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 5/25/2006 5:07:50 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr = ]
(pifService) Symantec PIF Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(RegSrvc) RegSrvc [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Apoint -> C:\Program Files\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
Corel Photo Downloader -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 12:06:18 PM | Attr = ]
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 9/1/2005 6:24:08 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 5:19:56 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 3:59:54 PM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 4:24:14 PM | Attr = ]
KernelFaultCheck -> -> File not found
nmapp -> C:\Program Files\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/11/2006 6:35:32 PM | Attr = ]
RealTray -> C:\Program Files\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/21/2005 2:01:28 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 3:04:12 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{D4DF9B53-0850-1033-0928-051114200001} -> "C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\Update.exe" mc-110-12-0000797 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.msn.com ->
HKCU: ProxyEnable -> 0 ->
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Infotip Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3B092F0C-7696-40E3-A80F-68D74DA84210} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Thumbnail Viewer] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
{63542C48-9552-494A-84F7-73AA6A7C99C1} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Property Sheet Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit, Inc. [Ver = 15.0D R2 | Size = 212992 bytes | Modified Date = 11/11/2004 1:19:34 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 102400 bytes | Modified Date = 6/14/2006 4:35:34 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Column Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 147456 bytes | Modified Date = 10/14/2005 2:49:30 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [Reg Data - Value does not exist] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{11F3F9B8-9CFA-4533-8783-59E229C788D5} -> (1394 Net Adapter) ->
{299D5734-7CFC-4197-82CF-373DBACB2B47} -> (Broadcom 440x 10/100 Integrated Controller) ->
{6C5AD9DC-6096-480D-931E-AB7CFDFA4088} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> C:\Program Files\Common Files\Pure Networks Shared\puresp.dll -> Pure Networks, Inc. [Ver = 1.1.6174.2 | Size = 58960 bytes | Modified Date = 6/23/2006 9:10:36 PM | Attr = ]


[Files - Created Wihin 30 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Created Date = 12/14/2006 6:16:09 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 292 bytes | Created Date = 12/15/2006 2:52:38 PM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 2:45:10 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 3:19:58 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 6:03:40 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Created Date = 11/26/2006 10:41:15 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 4:56:05 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 5:03:06 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/15/2006 1:04:54 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/14/2006 7:10:13 PM | Attr = ]

[Files - Modified Wihin 30 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Modified Date = 12/14/2006 6:16:10 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/15/2006 2:12:36 PM | Attr = S]
ModemLog_Conexant D110 MDC V.9x Modem.txt -> C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt -> [Ver = | Size = 3844 bytes | Modified Date = 12/14/2006 6:55:44 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 292 bytes | Modified Date = 12/15/2006 6:17:38 PM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 2:45:12 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 3:20:00 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 6:03:42 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2006 10:41:16 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 4:56:06 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 5:03:08 PM | Attr = ]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 12/14/2006 3:29:12 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/15/2006 12:33:48 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/14/2006 7:10:16 PM | Attr = ]

< End of report >

The WinPFind3u date file:

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service ccfgnt.exe stopped successfully.
Service ccfgnt.exe deleted successfully.
File C:\WINDOWS\system32\ccfgnt.exe not found!
Service fxsres.exe stopped successfully.
Service fxsres.exe deleted successfully.
File C:\WINDOWS\system32\fxsres.exe not found!
Service MsaSvc stopped successfully.
Service MsaSvc deleted successfully.
C:\WINDOWS\system32\msasvc.exe moved successfully.
Service msports.exe stopped successfully.
Service msports.exe deleted successfully.
File C:\WINDOWS\system32\msports.exe not found!
Service netman.exe stopped successfully.
Service netman.exe deleted successfully.
C:\WINDOWS\system32\netman.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\emwc394c deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IpWins deleted successfully.
C:\Program Files\ipwins\ipwins.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\w0047ee1.dll deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cryptsvc deleted successfully.
C:\WINDOWS\system32\cryptsvc.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\deskperf deleted successfully.
C:\WINDOWS\system32\deskperf.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ipsmsnap deleted successfully.
C:\WINDOWS\system32\ipsmsnap.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pstorec deleted successfully.
C:\WINDOWS\system32\pstorec.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qosname deleted successfully.
C:\WINDOWS\system32\qosname.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Uaol deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ugu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wpic deleted successfully.
C:\WINDOWS\system32\wpic.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED85C7C3-7A59-008F-7184-0445727873E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED85C7C3-7A59-008F-7184-0445727873E0} deleted successfully.
C:\WINDOWS\system32\sxr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004DEC2-2623-438e-9CA2-C9043AB28508} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C004DEC2-2623-438e-9CA2-C9043AB28508} deleted successfully.
C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED85C7C3-7A59-008F-7184-0445727873E0} deleted successfully.
File C:\WINDOWS\system32\sxr.dll not found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{C004DEC2-2623-438e-9CA2-C9043AB28508} deleted successfully.
File C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll not found!
File C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\888.dll not found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
[Files - Created Wihin 30 days]
C:\WINDOWS\System32\1.exe moved successfully.
C:\WINDOWS\System32\CUAO.exe moved successfully.
C:\WINDOWS\System32\EMDF.exe moved successfully.
C:\WINDOWS\System32\HEOI.exe moved successfully.
C:\WINDOWS\System32\install.exe moved successfully.
C:\WINDOWS\System32\MJUN.exe moved successfully.
File C:\WINDOWS\System32\msasvc.exe not found!
C:\WINDOWS\System32\ODIP.exe moved successfully.
C:\WINDOWS\System32\OUFJ.exe moved successfully.
File C:\WINDOWS\System32\sxr.dll not found!
C:\WINDOWS\System32\t3st.bmp moved successfully.
C:\WINDOWS\System32\UMFB.exe moved successfully.
C:\WINDOWS\System32\vv815.exe moved successfully.
C:\WINDOWS\System32\wefgar.exe moved successfully.
C:\WINDOWS\System32\wiuqcp.exe moved successfully.
C:\WINDOWS\System32\wnxli.exe moved successfully.
File C:\WINDOWS\System32\wpic.exe not found!
C:\WINDOWS\System32\wtssvit.exe moved successfully.
[Files - Modified Wihin 30 days]
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe moved successfully.
File C:\WINDOWS\System32\1.exe not found!
File C:\WINDOWS\System32\CUAO.exe not found!
File C:\WINDOWS\System32\EMDF.exe not found!
File C:\WINDOWS\System32\HEOI.exe not found!
File C:\WINDOWS\System32\MJUN.exe not found!
File C:\WINDOWS\System32\msasvc.exe not found!
File C:\WINDOWS\System32\ODIP.exe not found!
File C:\WINDOWS\System32\OUFJ.exe not found!
File C:\WINDOWS\System32\sxr.dll not found!
File C:\WINDOWS\System32\UMFB.exe not found!
File C:\WINDOWS\System32\vv815.exe not found!
File C:\WINDOWS\System32\wefgar.exe not found!
File C:\WINDOWS\System32\wiuqcp.exe not found!
File C:\WINDOWS\System32\wnxli.exe not found!
File C:\WINDOWS\System32\wpic.exe not found!
File C:\WINDOWS\System32\wtssvit.exe not found!
[File String Scan - Non-Microsoft Only]
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe moved successfully.
C:\WINDOWS\System32\emwc394c.dll moved successfully.
File C:\WINDOWS\System32\sxr.dll not found!
< End of log >
Created on 12/15/2006 14:11:22


And, I managed to get AVG to run, here's what it gave me:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:04:14 PM 12/15/2006

+ Scan result:



C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\Temp\{867e5929-a3cf-4a7f-8bfc-ebcc89f704c9} -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\ipwins.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{34DF9B53-0850-1033-0928-051114200001}\Uninstall.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\1.exe -> Backdoor.Small.ml : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\wiuqcp.exe -> Backdoor.Small.ml : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\wpic.exe -> Backdoor.Small.ml : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\vv815.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Fastmp3_Setup1.exe -> Downloader.Agent.acr : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\CUAO.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\EMDF.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\HEOI.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\MJUN.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\ODIP.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\OUFJ.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\UMFB.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\GGDT.exe -> Downloader.Agent.bbz : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\BDPS.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\CEEA.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\DGLT.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\HJTN.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\IJDN.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\JFOQ.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\KEKA.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\KHRP.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\KOSF.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WіnSxS\ati2evxx.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\netman.exe -> Downloader.Reqlook.p : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\emwc394c.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Services.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Uninst.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\install.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\cryptsvc.exe -> Trojan.HideProc.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\deskperf.exe -> Trojan.HideProc.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\qosname.exe -> Trojan.HideProc.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\t3st.bmp -> Trojan.HideProc.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\t3st.bmp -> Trojan.HideProc.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Alex!\Desktop\WinPFind3u\MovedFiles\wtssvit.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\QWxleCE\kqU5yFH.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


And, in case this gets the green light (don't wanna start up in normal mode until absolutely positive it's gone, I'm afraid the infection might respread itself :/ ), I've got a quick question for you: Does not running in Admin really stop most viruses you get from working? I heard that from somewhere, and would put my bro's comp under a limited account if it was true.

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:07:42 PM

Posted 15 December 2006 - 09:09 PM

Hi Caelitis. Yes, that looks great! This machine was VERY infected. There is 1 item left that I missed but the file has already been removed so it poses no problems. Let's fix that and then go ahead and try and boot into Normal Mode.

Start WinPFind3u, copy/paste the text from the quotebox below into the Paste fix here section and then click the Run Fix button.

After that, reboot the machine normally and let's see what isn't working. It appears that some of the files for Symantec are missing so it might be necessary for you to reinstall Symantec/Norton. I do not think that it will run the way it is now and you will probably receive a number of error messages regarding not being able to start some of the services and/or find the files for it.

Let me know how things go.

Also, running under an administrator account will not stop any infections. It is really just the opposite. Since the account has administrator privileges, any infection that you might get also will have administrator privileges and therefore have full access to almost everything on the system. It is usually better to run under a limited user account and only use an administrator account when necessary (like when installing software that needs administrator access).

Here's the fix:

[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]


Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#7 Caelitis

Caelitis
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:42 PM

Posted 16 December 2006 - 01:33 PM

Wow, that wasn't fun. I rebooted into normal mode, and most of the RUNDLL errors that pop up at start went away, so I know we eliminated a bunch of stuff. But what's even more curious is that after about two minutes, the bsod came back again. Would it help if I wrote down the exact error it gives, and put it here?

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:07:42 PM

Posted 16 December 2006 - 11:56 PM

Hi Caelitis. Yes it would. That would give me the specifics of what to look for.

I would also like you to rename your current WinPFind3u folder to WinPFind3uOld and download the latest version of WinPFind3u. I've added a couple of new features and I think they may help locate any additional files.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 60 days
    • In the Files Modified Within group select 60 days
    • In the File String Search group select All
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT

#9 Caelitis

Caelitis
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:42 PM

Posted 17 December 2006 - 11:06 AM

Here we go, this is long :x

WinPFind3 logfile created on: 12/17/2006 10:32:11 AM
WinPFind3U by OldTimer - Pre-Release 1f Folder = C:\Documents and Settings\Alex!\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.8: 2006102516 | Size = 7191149 bytes | Modified Date = 11/9/2006 7:14:46 AM | Attr = ]
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 159744 bytes | Modified Date = 10/14/2005 2:46:24 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Alex!\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 296448 bytes | Modified Date = 12/14/2006 7:35:30 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Stopped] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 9:53:18 AM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 5/25/2006 5:07:50 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr = ]
(pifService) Symantec PIF Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(RegSrvc) RegSrvc [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Apoint -> C:\Program Files\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
Corel Photo Downloader -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 12:06:18 PM | Attr = ]
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 9/1/2005 6:24:08 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 5:19:56 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 3:59:54 PM | Attr = ]
ISUSPM Startup -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 4:24:14 PM | Attr = ]
KernelFaultCheck -> -> File not found
nmapp -> C:\Program Files\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/11/2006 6:35:32 PM | Attr = ]
RealTray -> C:\Program Files\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/21/2005 2:01:28 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 3:04:12 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{D4DF9B53-0850-1033-0928-051114200001} -> "C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\Update.exe" mc-110-12-0000797 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.msn.com ->
HKCU: ProxyEnable -> 0 ->
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Infotip Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3B092F0C-7696-40E3-A80F-68D74DA84210} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Thumbnail Viewer] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
{63542C48-9552-494A-84F7-73AA6A7C99C1} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Property Sheet Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit, Inc. [Ver = 15.0D R2 | Size = 212992 bytes | Modified Date = 11/11/2004 1:19:34 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 102400 bytes | Modified Date = 6/14/2006 4:35:34 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Column Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 147456 bytes | Modified Date = 10/14/2005 2:49:30 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [Reg Data - Value does not exist] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{11F3F9B8-9CFA-4533-8783-59E229C788D5} -> (1394 Net Adapter) ->
{299D5734-7CFC-4197-82CF-373DBACB2B47} -> (Broadcom 440x 10/100 Integrated Controller) ->
{6C5AD9DC-6096-480D-931E-AB7CFDFA4088} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> C:\Program Files\Common Files\Pure Networks Shared\puresp.dll -> Pure Networks, Inc. [Ver = 1.1.6174.2 | Size = 58960 bytes | Modified Date = 6/23/2006 9:10:36 PM | Attr = ]


[Files - Created Wihin 60 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Created Date = 12/14/2006 6:16:09 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 12/17/2006 7:46:46 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 74924 bytes | Created Date = 12/17/2006 7:46:10 AM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 708 bytes | Created Date = 12/16/2006 10:51:25 PM | Attr = ]
10-11-23.exe -> C:\WINDOWS\System32\10-11-23.exe -> [Ver = | Size = 6 bytes | Created Date = 11/11/2006 12:14:53 AM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 2:45:10 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 3:19:58 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 6:03:40 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Created Date = 11/26/2006 10:41:15 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 4:56:05 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 5:03:06 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/15/2006 1:04:54 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/14/2006 7:10:13 PM | Attr = ]

[Files - Modified Wihin 60 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Modified Date = 12/14/2006 6:16:10 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/17/2006 7:46:48 AM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/17/2006 7:46:18 AM | Attr = S]
ModemLog_Conexant D110 MDC V.9x Modem.txt -> C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt -> [Ver = | Size = 3878 bytes | Modified Date = 12/16/2006 12:17:34 PM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 74924 bytes | Modified Date = 12/17/2006 7:46:44 AM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 708 bytes | Modified Date = 12/16/2006 10:51:34 PM | Attr = ]
10-11-23.exe -> C:\WINDOWS\System32\10-11-23.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/11/2006 12:14:54 AM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 2:45:12 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 3:20:00 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 6:03:42 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2006 10:41:16 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 4:56:06 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 5:03:08 PM | Attr = ]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 12/16/2006 1:39:28 PM | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 202528 bytes | Modified Date = 10/21/2006 10:57:24 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/17/2006 7:47:06 AM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/14/2006 7:10:16 PM | Attr = ]

[File String Scan - All]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\SR_FedEx_PLS.exe -> Z-Firm LLC [Ver = 2.0.0.362 | Size = 1179816 bytes | Modified Date = 10/7/2004 5:53:44 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\ZRush_ShipRush3_QB.ocx -> Z-Firm LLC [Ver = 3.0.0.477 | Size = 3425960 bytes | Modified Date = 7/30/2004 4:29:06 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 11:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 4:22:10 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 12:56:56 PM | Attr = ]
aspack , -> C:\WINDOWS\System32\d3dx9_25.dll -> Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Modified Date = 3/18/2005 6:19:58 PM | Attr = ]
aspack , -> C:\WINDOWS\System32\d3dx9_27.dll -> Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Modified Date = 7/22/2005 8:59:04 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
Thawte Consulting , USERTRUST , -> C:\WINDOWS\System32\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Modified Date = 6/19/2006 4:19:42 PM | Attr = ]
PECompact2 , aspack , -> C:\WINDOWS\System32\MRT.exe -> Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Modified Date = 11/16/2006 12:20:40 AM | Attr = ]
WSUD , -> C:\WINDOWS\System32\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , -> C:\WINDOWS\System32\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
Umonitor , -> C:\WINDOWS\System32\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 4:19:26 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 11:35:40 AM | Attr = ]
UPX! , -> C:\WINDOWS\System32\dllcache\hwxcht.dll -> Microsoft Corporation [Ver = 1.0.0304.0 | Size = 10096640 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
UPX! , WSUD , -> C:\WINDOWS\System32\dllcache\hwxkor.dll -> Microsoft Corporation [Ver = 1.0.1038.0 | Size = 10129408 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 4:19:26 PM | Attr = ]

< End of report >

Here's the BSOD error it keeps giving me:

STOP: 0x0000008E ( 0xC0000005, 0xAA7B0439, 0xA8EFDA20, 0x00000000 )
lzx32.sys - Address AA7B0439 base at AA7AE000, Datestamp 45830b7f

My brother wrote down the error and didn't know whether they were 0's or O's, and his handwriting sucked, so it was kinda hard to read.

Edited by Caelitis, 17 December 2006 - 12:07 PM.


#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:07:42 PM

Posted 17 December 2006 - 12:24 PM

Hi Caelitis. That is still the old version of the program. Let's go ahead and delete all WinPFind3u files and folders from the Desktop and then follow the directions in my previous post to download and run a new scan and post it back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 Caelitis

Caelitis
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 17 December 2006 - 04:18 PM

WinPFind3 logfile created on: 12/17/2006 3:43:30 PM
WinPFind3U by OldTimer - Pre-Release 1i Folder = C:\Documents and Settings\Alex!\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.8: 2006102516 | Size = 7191149 bytes | Modified Date = 11/9/2006 7:14:46 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Alex!\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 301568 bytes | Modified Date = 12/17/2006 9:18:52 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Stopped] -> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 6/9/2005 9:53:18 AM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 5/25/2006 5:07:50 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr = ]
(pifService) Symantec PIF Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> File not found
(RegSrvc) RegSrvc [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Stopped] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Apoint -> C:\Program Files\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 5:33:20 PM | Attr = ]
Corel Photo Downloader -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 12:06:18 PM | Attr = ]
Dell QuickSet -> C:\Program Files\Dell\QuickSet\quickset.exe -> [Ver = 0, 5, 5, 0 | Size = 684032 bytes | Modified Date = 9/1/2005 6:24:08 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 5:19:56 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
IntelWireless -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 3:59:54 PM | Attr = ]
ISUSPM Startup -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 11:44:02 AM | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 4:24:14 PM | Attr = ]
KernelFaultCheck -> -> File not found
nmapp -> C:\Program Files\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 7/11/2006 6:35:32 PM | Attr = ]
RealTray -> C:\Program Files\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/21/2005 2:01:28 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> C:\Program Files\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 3:04:12 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{D4DF9B53-0850-1033-0928-051114200001} -> "C:\Program Files\Common Files\{D4DF9B53-0850-1033-0928-051114200001}\Update.exe" mc-110-12-0000797 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell4me.com/myway ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://www.dell4me.com/myway ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.msn.com ->
HKCU: ProxyEnable -> 0 ->
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Infotip Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3B092F0C-7696-40E3-A80F-68D74DA84210} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Thumbnail Viewer] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [The Core Media Player Shell Extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr = ]
{63542C48-9552-494A-84F7-73AA6A7C99C1} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Property Sheet Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit, Inc. [Ver = 15.0D R2 | Size = 212992 bytes | Modified Date = 11/11/2004 1:19:34 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 102400 bytes | Modified Date = 6/14/2006 4:35:34 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [OpenOffice.org Column Handler] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 6:40:48 AM | Attr = ]
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} [HKLM] -> C:\Program Files\CoreCodec\The Core Media Player\System\coreshellagent.cll [CoreShellAgent] -> [Ver = | Size = 126464 bytes | Modified Date = 9/11/2004 8:47:32 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 147456 bytes | Modified Date = 10/14/2005 2:49:30 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> C:\Program Files\Pure Networks\Network Magic\nmspce.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 558672 bytes | Modified Date = 6/23/2006 8:47:38 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 11:34:34 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 53248 bytes | Modified Date = 11/24/2005 4:24:54 PM | Attr = ]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [Reg Data - Value does not exist] -> Sun Microsystems, Inc. [Ver = 8.0.0.9064 | Size = 327680 bytes | Modified Date = 8/24/2006 4:50:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{11F3F9B8-9CFA-4533-8783-59E229C788D5} -> (1394 Net Adapter) ->
{299D5734-7CFC-4197-82CF-373DBACB2B47} -> (Broadcom 440x 10/100 Integrated Controller) ->
{6C5AD9DC-6096-480D-931E-AB7CFDFA4088} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> C:\Program Files\Common Files\Pure Networks Shared\puresp.dll -> Pure Networks, Inc. [Ver = 1.1.6174.2 | Size = 58960 bytes | Modified Date = 6/23/2006 9:10:36 PM | Attr = ]


[Files - Created Wihin 60 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Created Date = 12/14/2006 6:16:09 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 12/17/2006 7:46:46 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 149846 bytes | Created Date = 12/17/2006 7:46:10 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 238 bytes | Created Date = 12/17/2006 11:04:44 AM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Created Date = 12/17/2006 11:05:13 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Created Date = 12/17/2006 11:05:15 AM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Created Date = 12/17/2006 11:05:13 AM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 10935 bytes | Created Date = 12/16/2006 10:51:25 PM | Attr = ]
10-11-23.exe -> C:\WINDOWS\System32\10-11-23.exe -> [Ver = | Size = 6 bytes | Created Date = 11/11/2006 12:14:53 AM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 2:45:10 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 3:19:58 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 6:03:40 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Created Date = 11/26/2006 10:41:15 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 4:56:05 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Created Date = 11/28/2006 5:03:06 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/15/2006 1:04:54 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/14/2006 7:10:13 PM | Attr = ]

[Files - Modified Wihin 60 days]
Shortcut to Netscape.lnk -> C:\Shortcut to Netscape.lnk -> [Ver = | Size = 369 bytes | Modified Date = 12/14/2006 6:16:10 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/17/2006 11:11:16 AM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/17/2006 11:10:50 AM | Attr = S]
ModemLog_Conexant D110 MDC V.9x Modem.txt -> C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt -> [Ver = | Size = 3844 bytes | Modified Date = 12/17/2006 11:05:20 AM | Attr = ]
ntbtlog.txt -> C:\WINDOWS\ntbtlog.txt -> [Ver = | Size = 149846 bytes | Modified Date = 12/17/2006 11:11:12 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 238 bytes | Modified Date = 12/17/2006 11:04:46 AM | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Modified Date = 12/17/2006 11:05:14 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 12/17/2006 11:05:18 AM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/17/2006 11:05:14 AM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 10935 bytes | Modified Date = 12/17/2006 11:05:08 AM | Attr = ]
10-11-23.exe -> C:\WINDOWS\System32\10-11-23.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/11/2006 12:14:54 AM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 2:45:12 PM | Attr = ]
14-12-15.dat -> C:\WINDOWS\System32\14-12-15.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 3:20:00 PM | Attr = ]
14-12-18.dat -> C:\WINDOWS\System32\14-12-18.dat -> [Ver = | Size = 6 bytes | Modified Date = 12/14/2006 6:03:42 PM | Attr = ]
26-11-21.exe -> C:\WINDOWS\System32\26-11-21.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2006 10:41:16 PM | Attr = ]
28-11-15.exe -> C:\WINDOWS\System32\28-11-15.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 4:56:06 PM | Attr = ]
28-11-16.exe -> C:\WINDOWS\System32\28-11-16.exe -> [Ver = | Size = 6 bytes | Modified Date = 11/28/2006 5:03:08 PM | Attr = ]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Modified Date = 12/16/2006 1:39:28 PM | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 202528 bytes | Modified Date = 10/21/2006 10:57:24 PM | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 12/14/2006 2:57:40 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/17/2006 11:11:32 AM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/14/2006 7:10:16 PM | Attr = ]

[File String Scan - All]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\SR_FedEx_PLS.exe -> Z-Firm LLC [Ver = 2.0.0.362 | Size = 1179816 bytes | Modified Date = 10/7/2004 5:53:44 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Intuit\QuickBooks\ZRush_ShipRush3_QB.ocx -> Z-Firm LLC [Ver = 3.0.0.477 | Size = 3425960 bytes | Modified Date = 7/30/2004 4:29:06 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 11:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 4:22:10 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 12:56:56 PM | Attr = ]
aspack , -> C:\WINDOWS\System32\d3dx9_25.dll -> Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Modified Date = 3/18/2005 6:19:58 PM | Attr = ]
aspack , -> C:\WINDOWS\System32\d3dx9_27.dll -> Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Modified Date = 7/22/2005 8:59:04 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
Thawte Consulting , USERTRUST , -> C:\WINDOWS\System32\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Modified Date = 6/19/2006 4:19:42 PM | Attr = ]
PECompact2 , aspack , -> C:\WINDOWS\System32\MRT.exe -> Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Modified Date = 11/16/2006 12:20:40 AM | Attr = ]
WSUD , -> C:\WINDOWS\System32\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , -> C:\WINDOWS\System32\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
Umonitor , -> C:\WINDOWS\System32\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 4:19:26 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 11:35:40 AM | Attr = ]
UPX! , -> C:\WINDOWS\System32\dllcache\hwxcht.dll -> Microsoft Corporation [Ver = 1.0.0304.0 | Size = 10096640 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
UPX! , WSUD , -> C:\WINDOWS\System32\dllcache\hwxkor.dll -> Microsoft Corporation [Ver = 1.0.1038.0 | Size = 10129408 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 4:19:26 PM | Attr = ]

< End of report >
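
As an added example (not part of the thread, and not code from WinPFind3u or its author), here is a small Python triage pass over the log format above. The sample lines are a cut-down copy of entries from the log just posted; the function names, the `crash_module` parameter and the check thresholds are my own choices. It automates three things a reviewer would want to do with such a log: flag autostart entries and services whose target binary is gone, flag files in System32 that are too small to be real PE images (the DOS header alone is 64 bytes) or that carry date-pattern names, and check whether the driver named in the bugcheck was enumerated anywhere in the scan.

```python
import re

# Constructed sample: a cut-down copy of lines from the WinPFind3u log posted
# above, section headers reproduced verbatim (including the tool's own
# "Wihin" spelling). The checks are generic; paste a full log into
# SAMPLE_LOG to run them over everything.
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck -> -> File not found
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 278528 bytes | Modified Date = 6/14/2006 4:24:14 PM | Attr = ]

[Files - Created Wihin 60 days]
10-11-23.exe -> C:\WINDOWS\System32\10-11-23.exe -> [Ver = | Size = 6 bytes | Created Date = 11/11/2006 12:14:53 AM | Attr = ]
14-12-14.dat -> C:\WINDOWS\System32\14-12-14.dat -> [Ver = | Size = 6 bytes | Created Date = 12/14/2006 2:45:10 PM | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/15/2006 1:04:54 PM | Attr = ]
CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/14/2006 7:10:13 PM | Attr = ]
"""

SECTION = re.compile(r"^\[(?P<section>.+)\]$")
# Entry lines look like: name -> path -> company [Ver = .. | Size = N bytes | .. Date = .. | Attr = ..]
# The path may be empty, in which case the log shows "name -> -> File not found".
ENTRY = re.compile(r"^(?P<name>.+?) ->\s*(?P<path>[^\[]*?)\s*-> (?P<rest>.*)$")
META = re.compile(
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"(?:Created|Modified) Date = (?P<date>[^|]+)\| Attr = (?P<attr>[^\]]*)\]"
)
IMAGE_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
DOS_HEADER_LEN = 64          # IMAGE_DOS_HEADER; nothing smaller can be a PE file
DATE_NAME = re.compile(r"^\d{2}-\d{2}-\d{2}\.(exe|dat)$", re.IGNORECASE)


def parse_log(text):
    """Yield (section, name, path, meta) per entry line. meta is None when the
    scanner printed 'File not found' instead of version/size/date details."""
    section = None
    for line in text.splitlines():
        sec = SECTION.match(line)
        if sec:
            section = sec.group("section")
            continue
        ent = ENTRY.match(line)
        if not ent or section is None:
            continue
        rest = ent.group("rest")
        m = META.search(rest)
        meta = None
        if m:
            meta = {"company": rest[: m.start()].strip(),
                    "ver": m.group("ver").strip(),
                    "size": int(m.group("size")),
                    "date": m.group("date").strip(),
                    "attr": m.group("attr").strip()}
        yield section, ent.group("name"), ent.group("path").strip(), meta


def triage(text, crash_module):
    """Run the checks and report whether the module named by the bugcheck was
    enumerated anywhere. A driver the kernel has loaded but the scanner never
    lists is the hidden-driver signal the thread ends up acting on."""
    findings = {"missing_binary": [], "suspicious_small_files": [],
                "unversioned_drivers": [], "crash_module_listed": False}
    for section, name, path, meta in parse_log(text):
        base = path.rsplit("\\", 1)[-1].lower()
        if base == crash_module.lower():
            findings["crash_module_listed"] = True
        if meta is None:
            # Autostart or service entry whose target is gone: a stale
            # leftover or a deleted payload; either way it needs reconciling.
            findings["missing_binary"].append((section, name))
            continue
        too_small = base.endswith(IMAGE_EXT) and meta["size"] < DOS_HEADER_LEN
        if too_small or DATE_NAME.match(base):
            findings["suspicious_small_files"].append((name, meta["size"]))
        if base.endswith(".sys") and not (meta["company"] or meta["ver"]):
            # New driver with no version resource: hash and identify it
            # before assuming it belongs to an installed product.
            findings["unversioned_drivers"].append((name, meta["date"]))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "lzx32.sys").items():
        print(f"{key}: {value}")
```

On the sample, the two Symantec-era entries and the empty KernelFaultCheck value come out as missing binaries, the 6-byte date-named files in System32 are flagged for collection, CO_Mon.sys is flagged as a recently created driver with no version information, and lzx32.sys is reported as absent from the scan, which is exactly the "hidden" case the later posts turn to.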

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:07:42 PM

Posted 17 December 2006 - 04:34 PM

Hi Caelitis. That looks good. I do not see any problems anywhere in the log.

Boot it up normally and, if you get the BSOD, write down the error message and any other info regarding what was running at the time, then post that back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 Caelitis

Caelitis
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 17 December 2006 - 05:23 PM

As to what was running at the time, there was nothing out of the normal that caught my eye. As to the error message, it gives the typical BSOD crap, then for the technical details:

*** STOP: 0x0000008E (0xC0000005, 0xAA7B0439, 0xA9386A20, 0x00000000)

*** lzx32.sys - Address AA7B0439 base at AA7AE000, DateStamp 45830b7f

Now, here's what I think might be wrong: Is it possible if there's something hidden that's starting up, like whatever is calling this lzx32.sys, and causing it to crash? If that's possible, is there a program I can use to check out what is starting at bootup?
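The STOP block quoted in the post above carries more information than it looks like, and decoding it is a useful check before reaching for any removal tool. As an added example (not part of the thread, and not anyone's posted code), the Python below parses that text: it names the bug check and the exception code using the documented constants for 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED, whose parameter 1 is the exception code and parameter 2 the faulting address) and 0xC0000005 (STATUS_ACCESS_VIOLATION), computes the fault's offset inside the named driver from the "Address"/"base at" pair, confirms the STOP parameter and the module line agree on that address, and decodes the DateStamp, which is the PE header's TimeDateStamp in seconds since the Unix epoch. The sample input is the post's own two lines re-typed as a string literal; the function and variable names are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the technical-details block from the post above,
# re-typed as a string so the parser runs offline.
SAMPLE_BSOD = (
    "*** STOP: 0x0000008E (0xC0000005, 0xAA7B0439, 0xA9386A20, 0x00000000)\n"
    "*** lzx32.sys - Address AA7B0439 base at AA7AE000, DateStamp 45830b7f\n"
)

# Documented names for the codes seen in this crash. Bug check 0x8E
# carries the exception code as parameter 1 and the faulting address as
# parameter 2; parameter 3 is the trap frame and parameter 4 is reserved.
BUGCHECK_NAMES = {0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

HEX8 = r"([0-9A-Fa-f]{8})"
STOP_RE = re.compile(
    r"STOP:\s*0x" + HEX8 + r"\s*\(\s*0x" + HEX8 + r"\s*,\s*0x" + HEX8
    + r"\s*,\s*0x" + HEX8 + r"\s*,\s*0x" + HEX8 + r"\s*\)"
)
MODULE_RE = re.compile(
    r"(?P<name>[\w.]+)\s+-\s+Address\s+(?P<addr>[0-9A-Fa-f]{8})\s+base at\s+"
    r"(?P<base>[0-9A-Fa-f]{8}),\s*DateStamp\s+(?P<stamp>[0-9A-Fa-f]{8})"
)


def parse_bsod(text):
    """Return a dict describing the STOP code, its parameters and the named module."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    bugcheck, p1, p2, p3, p4 = (int(x, 16) for x in stop.groups())
    info = {
        "bugcheck": bugcheck,
        "bugcheck_name": BUGCHECK_NAMES.get(bugcheck, "unknown"),
        "params": (p1, p2, p3, p4),
    }
    if bugcheck == 0x8E:
        info["exception_code"] = p1
        info["exception_name"] = NTSTATUS_NAMES.get(p1, "unknown")
        info["fault_address"] = p2

    mod = MODULE_RE.search(text)
    if mod is not None:
        addr = int(mod.group("addr"), 16)
        base = int(mod.group("base"), 16)
        stamp = int(mod.group("stamp"), 16)
        info["module"] = mod.group("name")
        info["module_base"] = base
        # Offset into the driver image: the value to look up in a disassembler,
        # or to compare between crashes to see whether the fault site is stable.
        info["offset"] = addr - base
        # STOP parameter 2 and the module line should name the same address,
        # and that address should sit at or above the module's load base.
        info["fault_in_module"] = bugcheck == 0x8E and p2 == addr and addr >= base
        # DateStamp is the PE TimeDateStamp: seconds since the Unix epoch.
        info["link_time"] = datetime.fromtimestamp(stamp, tz=timezone.utc).strftime(
            "%Y-%m-%d %H:%M:%S UTC"
        )
    return info


def summarize(info):
    """One-line summary suitable for pasting back into a forum reply."""
    parts = [f"STOP 0x{info['bugcheck']:08X} {info['bugcheck_name']}"]
    if "exception_name" in info:
        parts.append(f"{info['exception_name']} at 0x{info['fault_address']:08X}")
    if "module" in info:
        parts.append(
            f"in {info['module']}+0x{info['offset']:X} "
            f"(base 0x{info['module_base']:08X}, linked {info['link_time']})"
        )
    return "; ".join(parts)


if __name__ == "__main__":
    print(summarize(parse_bsod(SAMPLE_BSOD)))
```

Run against the quoted block, this reports an access violation at lzx32.sys+0x2439 and a link time of 15 December 2006, which is the day after the first post in this thread; a driver whose on-disk image is newer than the problem it causes is worth noticing when deciding whether the file was rebuilt or replaced while the machine was already misbehaving.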

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:42 PM

Posted 17 December 2006 - 05:59 PM

Hi Caelitis. Yup, it's a hidden process. Let's see if we can remove it.
  • Download - rustbfix.exe and save it to your desktop.
  • Double click on rustbfix.exe to run the tool.
  • If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
  • After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). If needed (still infected), post the content of these logfiles along with a new WinPFind3u log.
Cheers.

OT

#15 Caelitis

Caelitis
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 17 December 2006 - 10:16 PM

Wow, I think that did the trick. No bsod!

I'll put it through the runs, and post back tomorrow if I have any new troubles.

Thanks so much :DD
