
Adware Virtundo Problems


  • This topic is locked
11 replies to this topic

#1 missionhill


Posted 18 May 2007 - 01:18 PM

My computer is running extremely slow and McAfee keeps popping up alerting me to the adware but it can't get rid of it.

Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 2:17:09 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060913
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060913
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ytmpgpyt.dll",realset
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Hopefully you can help me.



#2 tim s


Posted 19 May 2007 - 05:43 PM

Hi missionhill,

Welcome to the Tomcoyote forum! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  • If you don't know, stop and ask! Don't continue; we don't want to start all over again!
  • Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed, including re-running scans as listed.
  • Please reply to this thread; do not start another.

If you can do those three things, everything should go smoothly.
------------------------------------------------------------------

Please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-Uninstall List
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
*NOTE: Use the Add Reply button and Copy/Paste the information back here. If, after posting your reply,
the last line is not < End of Report >, then the log is too big to fit into a single post and you will need to split it into separate reply posts.


I will review it when it comes in.

Honors Graduate of MalWare Removal University - A Cooperative Effort with WhattheTech

#3 missionhill


Posted 21 May 2007 - 03:48 PM

Thanks for helping. Just tell me what I need to do.

#4 missionhill


Posted 21 May 2007 - 04:06 PM

WinPFind3 logfile created on: 5/21/2007 4:50:35 PM
WinPFind3U by OldTimer - Version 1.0.37 Folder = C:\Documents and Settings\Lumpy\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1015.37 Mb Total Physical Memory | 461.36 Mb Available Physical Memory | 45.44% Memory free
2.39 Gb Paging File | 1.93 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.65 Gb Total Space | 11.24 Gb Free Space | 33.41% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Lumpy
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 9/7/2004 4:03:40 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 4:19:56 PM | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 3/12/2007 4:01:04 AM | Attr = ]
flashget.exe -> %ProgramFiles%\FlashGet\flashget.exe -> FlashGet.com [Ver = 1, 8, 2, 1002 | Size = 1716224 bytes | Modified Date = 4/2/2007 8:32:20 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 169984 bytes | Modified Date = 9/13/2006 1:17:30 PM | Attr = ]
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> [Ver = | Size = 555008 bytes | Modified Date = 9/13/2006 1:17:30 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/31/2007 3:44:10 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 8:46:34 PM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 2:59:54 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 8:50:30 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 159744 bytes | Modified Date = 10/14/2005 8:46:24 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 12/22/2006 4:02:26 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 370256 bytes | Modified Date = 1/16/2007 6:03:34 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 4/18/2007 2:08:10 PM | Attr = ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 2:58:52 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr = ]
residence.exe -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 7/8/2004 4:13:42 PM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr = ]
sonytray.exe -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 11/21/2003 9:02:42 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 11:30:44 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 6:48:02 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.37.0 | Size = 319488 bytes | Modified Date = 5/16/2007 9:40:18 PM | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 9/7/2004 4:08:02 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/28/2007 4:37:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 4:13:24 PM | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 3:44:06 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 9:33:42 AM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 6:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.118.0 | Size = 841256 bytes | Modified Date = 3/9/2007 5:21:04 PM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 2:08:06 PM | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 5:30:34 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 2:58:52 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 4:19:56 PM | Attr = ]
Flashget -> %ProgramFiles%\FlashGet\flashget.exe -> FlashGet.com [Ver = 1, 8, 2, 1002 | Size = 1716224 bytes | Modified Date = 4/2/2007 8:32:20 AM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 169984 bytes | Modified Date = 9/13/2006 1:17:30 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 8:46:34 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 8:50:30 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 8:49:46 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/30/2004 2:59:54 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 5:30:24 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
setup -> %System32%\jpcrysrs.dll [rundll32.exe "C:\WINDOWS\system32\jpcrysrs.dll",realset] -> [Ver = | Size = 132660 bytes | Modified Date = 5/20/2007 2:13:38 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 11:30:44 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 6:48:02 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ]
ModemOnHold -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/31/2007 3:44:10 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
%AllUsersStartup%\Picture Package Menu.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 11/21/2003 9:02:42 PM | Attr = ]
%AllUsersStartup%\Picture Package VCD Maker.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 7/8/2004 4:13:42 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Lumpy\Start Menu\Programs\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 9/13/2006 1:17:30 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{E9FE24FA-3113-4A03-908E-FF71D5AC683C} [HKLM] -> %System32%\urqpolj.dll [] -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:07:24 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 8:45:38 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 9/7/2004 4:08:06 PM | Attr = ]
pmnlk -> %System32%\pmnlk.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/9/2007 12:31:38 PM | Attr = HS]
urqpolj -> %System32%\urqpolj.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:07:24 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060913 ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.co...amp;ibd=6060913 ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> %ProgramFiles%\FlashGet\jccatch.dll [FGCatchUrl] -> www.flashget.com [Ver = 1, 8, 1, 1006 | Size = 75528 bytes | Modified Date = 1/29/2007 4:46:54 AM | Attr = ]
{3C8C738E-5D88-4A78-9BD0-DCF48D108835} [HKLM] -> %System32%\pmnlk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 285268 bytes | Modified Date = 5/9/2007 12:31:38 PM | Attr = HS]
{55DB983C-BDBF-426f-86F0-187B02DDA39B} [HKLM] -> %System32%\mmsooceb.dll [Reg Data - Value does not exist] -> [Ver = | Size = 49204 bytes | Modified Date = 5/16/2007 3:41:02 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{6156F68E-2263-41B9-892A-E6ECE99B6444} [HKLM] -> %System32%\ddayv.dll [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 67136 bytes | Modified Date = 12/22/2006 4:02:40 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 8/30/2006 6:58:56 PM | Attr = ]
{E9FE24FA-3113-4A03-908E-FF71D5AC683C} [HKLM] -> %System32%\urqpolj.dll [Reg Data - Value does not exist] -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:07:24 PM | Attr = ]
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> %ProgramFiles%\FlashGet\getflash.dll [FlashGet GetFlash Class] -> www.flashget.com [Ver = 1, 8, 1, 1002 | Size = 136968 bytes | Modified Date = 1/14/2007 10:40:58 PM | Attr = ]
{FB10E0EC-C7E5-4032-A899-8E2DC3177593} [HKLM] -> %System32%\ajmmlbgj.dll [Reg Data - Value does not exist] -> [Ver = | Size = 131604 bytes | Modified Date = 5/6/2007 1:49:38 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> FlashGet.com [Ver = 1, 8, 2, 1002 | Size = 1716224 bytes | Modified Date = 4/2/2007 8:32:20 AM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Download All with FlashGet -> %ProgramFiles%\FlashGet\JC_ALL.HTM -> [Ver = | Size = 575 bytes | Modified Date = 2/5/2000 10:06:06 PM | Attr = ]
&Download with FlashGet -> %ProgramFiles%\FlashGet\JC_LINK.HTM -> [Ver = | Size = 1898 bytes | Modified Date = 10/26/2006 10:43:20 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3F6A1C88-26FD-41E2-83E8-B8598A300E43} -> () ->
{5DD84B18-2F39-44B3-8F46-B74F30FC97B7} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{7EB06954-B278-4C72-A56B-60EF5A65D816} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop...p/PCPitStop.CAB ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->

[Registry - Additional Scans - Non-Microsoft Only]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} -> mSSO ->
{075473F5-846A-448B-BCB3-104AA1760205} -> Sonic RecordNow Data ->
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView ->
{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE ->
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA ->
{1E2F8AE3-3437-44E6-BB75-E95751D6B83F} -> Picture Package ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe ->
{26E1BFB0-E87E-4696-9F89-B467F01F81E5} -> Broadcom Management Programs ->
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager ->
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 ->
{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10 ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZeroInstallers ->
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA ->
{3EE33958-7381-4E7B-A4F3-6E43098E9E9C} -> URL Assistant ->
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting ->
{446DBFFA-4088-48E3-8932-74316BA4CAE4} -> iTunes ->
{4667B940-BB01-428B-986E-A0CC46497BF7} -> ELIcon ->
{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} -> mHlpDell ->
{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0 ->
{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool ->
{5C29CB8B-AC1E-4114-8D68-9CD080140D4A} -> Sony USB Driver ->
{5E863175-E85D-44A6-8968-82507D34AE7F} -> QuickTime ->
{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.5 ->
{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3} -> Power Tab Editor 1.7 ->
{6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works ->
{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal ->
{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} -> mCore ->
{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer ->
{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} -> mIWCA ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE} -> EarthLink setup files ->
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore ->
{786C5747-1437-443D-B06E-79A00FE45110} -> Adobe Stock Photos 1.0 ->
{7A3F0566-5E05-4919-9C98-456F6B5CF831} -> Get High Speed Internet! ->
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport ->
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper ->
{85D3CC30-8859-481A-9654-FD9B74310BEF} -> Musicmatch® Jukebox ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver for Mobile ->
{8A9B8148-DDD7-448F-BD6C-358386D32354} -> Corel Photo Album 6 ->
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr ->
{8EDBA74D-0686-4C99-BFDD-F894678E5102} -> Adobe Common File Installer ->
{8FFC924C-ED06-44CB-8867-3CA778ECE903} -> Adobe Help Center 2.0 ->
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz ->
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003 ->
{91CA0409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Small Business Edition 2003 ->
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig ->
{9559F7CA-5E34-4237-A2D9-D856464AD727} -> Project64 1.6 ->
{9CC89556-3578-48DD-8408-04E66EBEF401} -> mXML ->
{A260B422-70E1-41E2-957D-F76FA21266D5} -> Apple Software Update ->
{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU ->
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Sonic RecordNow Audio ->
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 ->
{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A} -> Adobe Bridge 1.0 ->
{B0DF58A2-40DF-4465-AA56-38623EC9938C} -> Documentation & Support Launcher ->
{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Sonic RecordNow Copy ->
{B6884A07-0305-47AE-9969-8F26FADC17DE} -> Games, Music, & Photos Launcher ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{BA68600E-96D9-4E92-80F2-26B9681B5A63} -> Microsoft Office Outlook 2003 with Business Contact Manager Update ->
{C5074CC4-0E26-4716-A307-960272A90040} -> QuickSet ->
{C797EAF2-707A-4239-BDF3-F2672314A734} -> First Step Guide ->
{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} -> mToolkit ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{D2988E9B-C73F-422C-AD4B-A66EBE257120} -> MCU ->
{E09B48B5-E141-427A-AB0C-D3605127224A} -> Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) ->
{E42BD75A-FC23-4E3F-9F91-2658334C644F} -> Internet Service Offers Launcher ->
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect ->
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse ->
{F6090A17-0967-4A8A-B3C3-422A1B514D49} -> mDrWiFi ->
{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538} -> ImageMixer VCD2 ->
{FA17A726-B229-4116-B793-A2AB1A4EAE2E} -> Adobe Premiere Pro 2.0 ->
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe ->
Adobe Premiere Pro 2.0 -> Adobe Premiere Pro 2.0 ->
AdobeESD -> Adobe Download Manager 2.0 (Remove Only) ->
America Online us -> America Online (Choose which version to remove) ->
AOLCoach -> AOL Coach Version 1.0(Build:20040229.1 en) ->
Bloodmasters_is1 -> Bloodmasters 1.1 ->
CDisplay_is1 -> CDisplay 1.8 ->
CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 -> Conexant HDA D110 MDC V.92 Modem ->
Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver ->
Dell Game Console -> Dell Game Console ->
Dell Photo Printer 720 -> Dell Photo Printer 720 ->
DivX Content Uploader -> DivX Content Uploader ->
Extra MAME -> Extra MAME ->
FlashGet -> FlashGet 1.8.2.1002 ->
FLVPlayer -> FLV Player 1.3.3 ->
Google Desktop -> Google Desktop ->
HijackThis -> HijackThis 1.99.1 ->
Hijackthis_is1 -> Hijackthis 1.99.1 ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
KB835221WXP -> High Definition Audio Driver Package - KB835221 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB885855 -> Windows XP Hotfix - KB885855 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB889673 -> Windows XP Hotfix - KB889673 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB896256 -> Hotfix for Windows XP (KB896256) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB898458 -> Security Update for Step By Step Interactive Training (KB898458) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB906569 -> Hotfix for Windows XP (KB906569) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Security Update for Windows XP (KB908531) ->
KB908673 -> Hotfix for Windows XP (KB908673) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB912945 -> Update for Windows XP (KB912945) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917283.T1_1ToU93_1 -> Security Update for Microsoft .NET Framework 2.0 (KB917283) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922760 -> Security Update for Windows XP (KB922760) ->
KB922770.T1_1ToU168_1 -> Security Update for Microsoft .NET Framework 2.0 (KB922770) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923723 -> Security Update for Step By Step Interactive Training (KB923723) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768-IE7 -> Security Update for Windows Internet Explorer 7 (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
M886903 -> Microsoft .NET Framework 1.1 Hotfix (KB886903) ->
Magic ISO Maker v5.3 (build 0229) -> Magic ISO Maker v5.3 (build 0229) ->
McAfee Uninstall Utility -> McAfee Uninstaller ->
MFZ0CODEC -> MFZ0 codec (Remove Only) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
Mozilla Firefox (2.0.0.3) -> Mozilla Firefox (2.0.0.3) ->
MSC -> McAfee SecurityCenter ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
Plato DVD Ripper_is1 -> Plato DVD Ripper 6.66 ->
ProInst -> Intel® PROSet/Wireless Software ->
RealPlayer 6.0 -> RealPlayer Basic ->
SearchAssist -> SearchAssist ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
StreetPlugin -> Learn2 Player (Uninstall Only) ->
SynTPDeinstKey -> Synaptics Pointing Device Driver ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
WildTangent CDA -> WildTangent Web Driver ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
Windows Media Player -> Windows Media Player 10 ->
WinRAR archiver -> WinRAR archiver ->
Yahoo! Companion -> Yahoo! Toolbar ->
Yahoo! Toolbar -> Yahoo! Toolbar ->


[Files/Folders - Created Within 60 days]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 4/15/2007 2:21:31 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064763392 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 4:40:47 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/11/2007 5:00:05 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/10/2007 2:02:20 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/11/2007 5:00:12 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/11/2007 5:00:23 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/11/2007 4:59:55 PM | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/11/2007 1:35:48 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/11/2007 1:35:48 AM | Attr = H ]
WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx -> [Ver = | Size = 156910 bytes | Created Date = 4/14/2007 2:36:50 AM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 350 bytes | Created Date = 4/4/2007 10:29:40 AM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 352 bytes | Created Date = 4/4/2007 10:29:39 AM | Attr = ]
AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 4/14/2007 2:36:47 AM | Attr = ]
ajmmlbgj.dll -> %System32%\ajmmlbgj.dll -> [Ver = | Size = 131604 bytes | Created Date = 5/6/2007 12:49:35 PM | Attr = ]
alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 4/14/2007 2:36:47 AM | Attr = ]
bfablgms.ini -> %System32%\bfablgms.ini -> [Ver = | Size = 294 bytes | Created Date = 5/19/2007 2:04:56 PM | Attr = HS]
cbxxyab.dll -> %System32%\cbxxyab.dll -> [Ver = | Size = 26678 bytes | Created Date = 4/28/2007 3:06:26 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 7226 bytes | Created Date = 4/4/2007 10:40:20 AM | Attr = ]
divx.dll -> %System32%\divx.dll -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 638976 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
divxdec.ax -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.0.5.830 | Size = 221215 bytes | Created Date = 4/14/2007 2:36:49 AM | Attr = ]
dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 4/4/2007 10:31:58 AM | Attr = ]
flvbblbl.dll -> %System32%\flvbblbl.dll -> [Ver = | Size = 131604 bytes | Created Date = 4/28/2007 3:14:18 PM | Attr = ]
igpyatvg.dll -> %System32%\igpyatvg.dll -> [Ver = | Size = 49204 bytes | Created Date = 4/28/2007 3:14:13 PM | Attr = ]
iiylfnwt.ini -> %System32%\iiylfnwt.ini -> [Ver = | Size = 833162 bytes | Created Date = 5/20/2007 1:09:31 PM | Attr = HS]
jpcrysrs.dll -> %System32%\jpcrysrs.dll -> [Ver = | Size = 132660 bytes | Created Date = 5/20/2007 1:13:34 PM | Attr = ]
jpqilwij.ini -> %System32%\jpqilwij.ini -> [Ver = | Size = 833486 bytes | Created Date = 5/18/2007 10:41:36 PM | Attr = HS]
kiluxnjf.dll -> %System32%\kiluxnjf.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/11/2007 12:46:48 PM | Attr = ]
klnmp.bak1 -> %System32%\klnmp.bak1 -> [Ver = | Size = 1499751 bytes | Created Date = 5/9/2007 11:33:23 AM | Attr = HS]
klnmp.bak2 -> %System32%\klnmp.bak2 -> [Ver = | Size = 1529522 bytes | Created Date = 5/10/2007 11:33:31 AM | Attr = HS]
klnmp.ini -> %System32%\klnmp.ini -> [Ver = | Size = 1582703 bytes | Created Date = 5/18/2007 12:37:32 PM | Attr = HS]
klnmp.ini2 -> %System32%\klnmp.ini2 -> [Ver = | Size = 1547529 bytes | Created Date = 5/18/2007 12:29:51 PM | Attr = HS]
klnmp.tmp -> %System32%\klnmp.tmp -> [Ver = | Size = 1582703 bytes | Created Date = 5/18/2007 12:23:13 PM | Attr = HS]
lfavi12n.dll -> %System32%\lfavi12n.dll -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 25600 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
LFCMP12n.DLL -> %System32%\LFCMP12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 314880 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
LFFAX12n.DLL -> %System32%\LFFAX12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 78336 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
lfgif12n.dll -> %System32%\lfgif12n.dll -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 43008 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
lfmpg12n.dll -> %System32%\lfmpg12n.dll -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 121856 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
LFTIF12n.DLL -> %System32%\LFTIF12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 155648 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
LTDIS12n.DLL -> %System32%\LTDIS12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 278528 bytes | Created Date = 4/9/2007 9:09:15 AM | Attr = ]
LTEFX12n.DLL -> %System32%\LTEFX12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 227840 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
LTFIL12n.DLL -> %System32%\LTFIL12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 122368 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
LTIMG12n.DLL -> %System32%\LTIMG12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 166400 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
LTKRN12n.DLL -> %System32%\LTKRN12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 406528 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
LTOCX12n.INF -> %System32%\LTOCX12n.INF -> [Ver = | Size = 1458 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
ltocx12n.ocx -> %System32%\ltocx12n.ocx -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 610816 bytes | Created Date = 4/9/2007 9:09:17 AM | Attr = ]
LTTWN12n.DLL -> %System32%\LTTWN12n.DLL -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 41472 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
Ltwvc12n.dll -> %System32%\Ltwvc12n.dll -> LEAD Technologies, Inc. [Ver = 12.1.0.015 | Size = 854528 bytes | Created Date = 4/9/2007 9:09:16 AM | Attr = ]
mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
mfqfptbf.ini -> %System32%\mfqfptbf.ini -> [Ver = | Size = 1463964 bytes | Created Date = 5/4/2007 10:55:53 AM | Attr = HS]
mmsooceb.dll -> %System32%\mmsooceb.dll -> [Ver = | Size = 49204 bytes | Created Date = 5/16/2007 2:40:59 PM | Attr = ]
MyFlashZip0.ax -> %System32%\MyFlashZip0.ax -> Moyea Inc. [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Created Date = 4/14/2007 2:09:25 AM | Attr = ]
neihaxey.ini -> %System32%\neihaxey.ini -> [Ver = | Size = 1464687 bytes | Created Date = 5/6/2007 12:59:23 AM | Attr = HS]
pmnlk.dll -> %System32%\pmnlk.dll -> [Ver = | Size = 285268 bytes | Created Date = 5/9/2007 11:29:53 AM | Attr = HS]
rpmoekat.ini -> %System32%\rpmoekat.ini -> [Ver = | Size = 1364 bytes | Created Date = 5/6/2007 12:58:33 AM | Attr = HS]
rpmoekat.tmp -> %System32%\rpmoekat.tmp -> [Ver = | Size = 1364 bytes | Created Date = 5/6/2007 12:47:14 PM | Attr = HS]
Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
SONYHCY.DLL -> %System32%\SONYHCY.DLL -> Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]
srsyrcpj.ini -> %System32%\srsyrcpj.ini -> [Ver = | Size = 833411 bytes | Created Date = 5/20/2007 1:13:39 PM | Attr = HS]
srutv.ini -> %System32%\srutv.ini -> [Ver = | Size = 353 bytes | Created Date = 5/9/2007 12:33:53 AM | Attr = HS]
ssqqoll.dll -> %System32%\ssqqoll.dll -> [Ver = | Size = 26678 bytes | Created Date = 4/28/2007 3:07:57 PM | Attr = ]
tvekjdtx.dll -> %System32%\tvekjdtx.dll -> [Ver = | Size = 131604 bytes | Created Date = 5/5/2007 2:58:07 PM | Attr = ]
typgpmty.ini -> %System32%\typgpmty.ini -> [Ver = | Size = 834542 bytes | Created Date = 5/10/2007 11:35:38 AM | Attr = HS]
urqpolj.dll -> %System32%\urqpolj.dll -> [Ver = | Size = 26678 bytes | Created Date = 4/28/2007 3:07:21 PM | Attr = ]
vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
vturs.dll -> %System32%\vturs.dll -> [Ver = | Size = 285268 bytes | Created Date = 5/9/2007 12:33:35 AM | Attr = HS]
vyadd.tmp -> %System32%\vyadd.tmp -> [Ver = | Size = 1416430 bytes | Created Date = 5/3/2007 1:01:51 AM | Attr = HS]
xuhndept.ini -> %System32%\xuhndept.ini -> [Ver = | Size = 1124 bytes | Created Date = 4/28/2007 3:14:09 PM | Attr = HS]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 53248 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 4/14/2007 2:36:48 AM | Attr = ]
xyevgtfd.dll -> %System32%\xyevgtfd.dll -> [Ver = | Size = 131604 bytes | Created Date = 5/6/2007 12:59:16 AM | Attr = ]
zlib1.dll -> %System32%\zlib1.dll -> Zlib [Ver = 1.2.3.2027 | Size = 75264 bytes | Created Date = 4/14/2007 2:09:25 AM | Attr = ]
CDRBSDRV.SYS -> %System32%\drivers\CDRBSDRV.SYS -> B.H.A Corporation [Ver = 7. 0. 0. 5 | Size = 13567 bytes | Created Date = 4/9/2007 9:08:37 AM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Created Date = 4/4/2007 10:30:13 AM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 34184 bytes | Created Date = 4/4/2007 10:30:18 AM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Created Date = 4/4/2007 10:30:14 AM | Attr = ]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 32008 bytes | Created Date = 4/4/2007 10:30:19 AM | Attr = ]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 37480 bytes | Created Date = 4/4/2007 10:30:19 AM | Attr = ]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Created Date = 4/4/2007 10:30:02 AM | Attr = ]
sonyhcb.sys -> %System32%\drivers\sonyhcb.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]
sonyhcc.sys -> %System32%\drivers\sonyhcc.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]
Sonyhcp.dll -> %System32%\drivers\Sonyhcp.dll -> [Ver = | Size = 3654 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]
sonyhcs.sys -> %System32%\drivers\sonyhcs.sys -> Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]
sonypvs1.sys -> %System32%\drivers\sonypvs1.sys -> Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 4/9/2007 9:09:42 AM | Attr = ]

[Files/Folders - Modified Within 60 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 50 bytes | Modified Date = 4/9/2007 10:12:16 AM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 4/15/2007 3:21:32 AM | Attr = ]
drivers -> %SystemDrive%\drivers -> [Folder | Modified Date = 4/9/2007 10:09:42 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064763392 bytes | Modified Date = 5/21/2007 3:17:06 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/18/2007 1:33:52 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/21/2007 11:42:02 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/10/2007 3:02:40 AM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 5:40:50 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/11/2007 6:00:06 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/10/2007 3:02:22 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/11/2007 6:00:14 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/11/2007 6:00:26 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/11/2007 5:59:58 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/21/2007 3:17:06 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/10/2007 3:00:38 AM | Attr = ]
dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 337 bytes | Modified Date = 5/18/2007 1:10:32 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/7/2007 1:12:50 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/14/2007 3:45:24 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/15/2007 10:18:22 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/10/2007 3:02:36 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/21/2007 9:14:46 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/28/2007 4:46:52 PM | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/11/2007 9:19:18 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/21/2007 12:23:34 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/11/2007 2:35:50 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/11/2007 2:35:50 AM | Attr = H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/15/2007 10:18:24 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/21/2007 4:51:22 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/5/2007 4:05:30 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/21/2007 4:48:20 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/10/2007 1:25:06 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 350 bytes | Modified Date = 4/15/2007 1:39:18 AM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 352 bytes | Modified Date = 4/4/2007 11:29:40 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/21/2007 3:17:24 PM | Attr = H ]
ajmmlbgj.dll -> %System32%\ajmmlbgj.dll -> [Ver = | Size = 131604 bytes | Modified Date = 5/6/2007 1:49:38 PM | Attr = ]
bfablgms.ini -> %System32%\bfablgms.ini -> [Ver = | Size = 294 bytes | Modified Date = 5/19/2007 3:05:04 PM | Attr = HS]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/21/2007 9:14:06 AM | Attr = ]
cbxxyab.dll -> %System32%\cbxxyab.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:06:28 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 7226 bytes | Modified Date = 5/21/2007 4:38:44 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/16/2007 11:06:40 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/10/2007 3:02:26 AM | Attr = ]
flvbblbl.dll -> %System32%\flvbblbl.dll -> [Ver = | Size = 131604 bytes | Modified Date = 4/28/2007 4:14:26 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 256656 bytes | Modified Date = 4/28/2007 7:01:46 PM | Attr = ]
igpyatvg.dll -> %System32%\igpyatvg.dll -> [Ver = | Size = 49204 bytes | Modified Date = 4/28/2007 4:14:16 PM | Attr = ]
iiylfnwt.ini -> %System32%\iiylfnwt.ini -> [Ver = | Size = 833162 bytes | Modified Date = 5/20/2007 2:10:28 PM | Attr = HS]
jpcrysrs.dll -> %System32%\jpcrysrs.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/20/2007 2:13:38 PM | Attr = ]
jpqilwij.ini -> %System32%\jpqilwij.ini -> [Ver = | Size = 833486 bytes | Modified Date = 5/20/2007 2:06:42 PM | Attr = HS]
kiluxnjf.dll -> %System32%\kiluxnjf.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/11/2007 1:46:50 PM | Attr = ]
klnmp.bak1 -> %System32%\klnmp.bak1 -> [Ver = | Size = 1499751 bytes | Modified Date = 5/9/2007 12:33:24 PM | Attr = HS]
klnmp.bak2 -> %System32%\klnmp.bak2 -> [Ver = | Size = 1529522 bytes | Modified Date = 5/21/2007 3:21:32 PM | Attr = HS]
klnmp.ini -> %System32%\klnmp.ini -> [Ver = | Size = 1582703 bytes | Modified Date = 5/18/2007 1:35:14 PM | Attr = HS]
klnmp.ini2 -> %System32%\klnmp.ini2 -> [Ver = | Size = 1547529 bytes | Modified Date = 5/21/2007 4:51:22 PM | Attr = HS]
klnmp.tmp -> %System32%\klnmp.tmp -> [Ver = | Size = 1582703 bytes | Modified Date = 5/18/2007 1:29:44 PM | Attr = HS]
klnmp.tmp2 -> %System32%\klnmp.tmp2 -> [Ver = | Size = 0 bytes | Modified Date = 5/21/2007 4:51:32 PM | Attr = ]
mfqfptbf.ini -> %System32%\mfqfptbf.ini -> [Ver = | Size = 1463964 bytes | Modified Date = 5/6/2007 1:58:56 AM | Attr = HS]
mmsooceb.dll -> %System32%\mmsooceb.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/16/2007 3:41:02 PM | Attr = ]
neihaxey.ini -> %System32%\neihaxey.ini -> [Ver = | Size = 1464687 bytes | Modified Date = 5/10/2007 12:29:46 PM | Attr = HS]
pmnlk.dll -> %System32%\pmnlk.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/9/2007 12:31:38 PM | Attr = HS]
pxhpinst.exe -> %System32%\pxhpinst.exe -> [Ver = | Size = 53248 bytes | Modified Date = 4/28/2007 4:28:26 PM | Attr = ]
rpmoekat.ini -> %System32%\rpmoekat.ini -> [Ver = | Size = 1364 bytes | Modified Date = 5/6/2007 1:47:16 PM | Attr = HS]
rpmoekat.tmp -> %System32%\rpmoekat.tmp -> [Ver = | Size = 1364 bytes | Modified Date = 5/6/2007 1:47:16 PM | Attr = HS]
srsyrcpj.ini -> %System32%\srsyrcpj.ini -> [Ver = | Size = 833411 bytes | Modified Date = 5/21/2007 3:21:48 PM | Attr = HS]
srutv.ini -> %System32%\srutv.ini -> [Ver = | Size = 353 bytes | Modified Date = 5/9/2007 1:33:56 AM | Attr = HS]
ssqqoll.dll -> %System32%\ssqqoll.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:07:58 PM | Attr = ]
Status.MPF -> %System32%\Status.MPF -> [Ver = | Size = 92192 bytes | Modified Date = 4/4/2007 11:28:50 AM | Attr = ]
tvekjdtx.dll -> %System32%\tvekjdtx.dll -> [Ver = | Size = 131604 bytes | Modified Date = 5/5/2007 3:58:10 PM | Attr = ]
typgpmty.ini -> %System32%\typgpmty.ini -> [Ver = | Size = 834542 bytes | Modified Date = 5/18/2007 9:29:06 PM | Attr = HS]
urqpolj.dll -> %System32%\urqpolj.dll -> [Ver = | Size = 26678 bytes | Modified Date = 4/28/2007 4:07:24 PM | Attr = ]
vturs.dll -> %System32%\vturs.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/9/2007 1:33:44 AM | Attr = HS]
vyadd.tmp -> %System32%\vyadd.tmp -> [Ver = | Size = 1416430 bytes | Modified Date = 5/3/2007 2:02:00 AM | Attr = HS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/21/2007 3:20:44 PM | Attr = ]
xuhndept.ini -> %System32%\xuhndept.ini -> [Ver = | Size = 1124 bytes | Modified Date = 5/4/2007 11:52:28 AM | Attr = HS]
xyevgtfd.dll -> %System32%\xyevgtfd.dll -> [Ver = | Size = 131604 bytes | Modified Date = 5/6/2007 1:59:18 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\igpyatvg.dll -> [Ver = | Size = 49204 bytes | Modified Date = 4/28/2007 4:14:16 PM | Attr = ]
UPX! , -> %System32%\jpcrysrs.dll -> [Ver = | Size = 132660 bytes | Modified Date = 5/20/2007 2:13:38 PM | Attr = ]
UPX! , -> %System32%\kiluxnjf.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/11/2007 1:46:50 PM | Attr = ]
UPX! , -> %System32%\mmsooceb.dll -> [Ver = | Size = 49204 bytes | Modified Date = 5/16/2007 3:41:02 PM | Attr = ]
UPX! , -> %System32%\vturs.dll -> [Ver = | Size = 285268 bytes | Modified Date = 5/9/2007 1:33:44 AM | Attr = HS]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 10:35:40 AM | Attr = ]

< End of report >

#5 tim s

Posted 21 May 2007 - 10:35 PM

Hi missionhill,

Thanks for posting the log. This is next:

Start WinPFind3U.
Copy/Paste the information that is inside of the quote box below into the pane where it says "Paste fix here" and then click the Run Fix button.
NOTE* (Make sure to highlight and copy only what is inside of the quote box, nothing outside of it.)

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> setup -> %System32%\jpcrysrs.dll [rundll32.exe "C:\WINDOWS\system32\jpcrysrs.dll",realset]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {E9FE24FA-3113-4A03-908E-FF71D5AC683C} [HKLM] -> %System32%\urqpolj.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> pmnlk -> %System32%\pmnlk.dll
YY -> urqpolj -> %System32%\urqpolj.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {3C8C738E-5D88-4A78-9BD0-DCF48D108835} [HKLM] -> %System32%\pmnlk.dll [Reg Data - Value does not exist]
YY -> {55DB983C-BDBF-426f-86F0-187B02DDA39B} [HKLM] -> %System32%\mmsooceb.dll [Reg Data - Value does not exist]
YY -> {6156F68E-2263-41B9-892A-E6ECE99B6444} [HKLM] -> %System32%\ddayv.dll [Reg Data - Value does not exist]
YY -> {E9FE24FA-3113-4A03-908E-FF71D5AC683C} [HKLM] -> %System32%\urqpolj.dll [Reg Data - Value does not exist]
YY -> {FB10E0EC-C7E5-4032-A899-8E2DC3177593} [HKLM] -> %System32%\ajmmlbgj.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 60 days]
NY -> ajmmlbgj.dll -> %System32%\ajmmlbgj.dll
NY -> cbxxyab.dll -> %System32%\cbxxyab.dll
NY -> flvbblbl.dll -> %System32%\flvbblbl.dll
NY -> igpyatvg.dll -> %System32%\igpyatvg.dll
NY -> jpcrysrs.dll -> %System32%\jpcrysrs.dll
NY -> kiluxnjf.dll -> %System32%\kiluxnjf.dll
NY -> pmnlk.dll -> %System32%\pmnlk.dll
NY -> urqpolj.dll -> %System32%\urqpolj.dll
[Files/Folders - Modified Within 60 days]
NY -> cbxxyab.dll -> %System32%\cbxxyab.dll
NY -> flvbblbl.dll -> %System32%\flvbblbl.dll
NY -> igpyatvg.dll -> %System32%\igpyatvg.dll
NY -> mmsooceb.dll -> %System32%\mmsooceb.dll
NY -> pmnlk.dll -> %System32%\pmnlk.dll
NY -> pxhpinst.exe -> %System32%\pxhpinst.exe
NY -> ssqqoll.dll -> %System32%\ssqqoll.dll
NY -> urqpolj.dll -> %System32%\urqpolj.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\igpyatvg.dll
NY -> UPX! , -> %System32%\jpcrysrs.dll
NY -> UPX! , -> %System32%\kiluxnjf.dll
NY -> UPX! , -> %System32%\mmsooceb.dll
NY -> UPX! , -> %System32%\vturs.dll



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
NOTE* If for some reason Notepad does not open with the log of actions taken, the log will be in the WinPFind3U folder and will have a name like this:
(mmddyyyy_hhmmss.log)

Just copy and paste that log in your next reply.

------------------------------------------------------------------------

This is next:
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

------------------------------------------------------------------------

Please in your next reply:

WinPFind3U fix log, which will be formatted like (mmddyyyy_hhmmss.log)
C:\vundofix.txt
New HJT log.

Honors Graduate of MalWare Removal University - A Cooperative Effort with WhattheTech

#6 missionhill

Posted 22 May 2007 - 08:57 AM

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\setup deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\jpcrysrs.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E9FE24FA-3113-4A03-908E-FF71D5AC683C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9FE24FA-3113-4A03-908E-FF71D5AC683C} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\pmnlk.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpolj deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C8C738E-5D88-4A78-9BD0-DCF48D108835} not found.
File move failed. C:\WINDOWS\SYSTEM32\pmnlk.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55DB983C-BDBF-426f-86F0-187B02DDA39B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55DB983C-BDBF-426f-86F0-187B02DDA39B} deleted successfully.
C:\WINDOWS\SYSTEM32\mmsooceb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156F68E-2263-41B9-892A-E6ECE99B6444} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6156F68E-2263-41B9-892A-E6ECE99B6444} deleted successfully.
File C:\WINDOWS\SYSTEM32\ddayv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9FE24FA-3113-4A03-908E-FF71D5AC683C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9FE24FA-3113-4A03-908E-FF71D5AC683C} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB10E0EC-C7E5-4032-A899-8E2DC3177593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB10E0EC-C7E5-4032-A899-8E2DC3177593} deleted successfully.
C:\WINDOWS\SYSTEM32\ajmmlbgj.dll moved successfully.
[Files/Folders - Created Within 60 days]
File C:\WINDOWS\SYSTEM32\ajmmlbgj.dll not found!
File move failed. C:\WINDOWS\SYSTEM32\cbxxyab.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\flvbblbl.dll moved successfully.
C:\WINDOWS\SYSTEM32\igpyatvg.dll moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\jpcrysrs.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\kiluxnjf.dll moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\pmnlk.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
[Files/Folders - Modified Within 60 days]
File move failed. C:\WINDOWS\SYSTEM32\cbxxyab.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\flvbblbl.dll not found!
File C:\WINDOWS\SYSTEM32\igpyatvg.dll not found!
File C:\WINDOWS\SYSTEM32\mmsooceb.dll not found!
File move failed. C:\WINDOWS\SYSTEM32\pmnlk.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\pxhpinst.exe moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\ssqqoll.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\igpyatvg.dll not found!
File move failed. C:\WINDOWS\SYSTEM32\jpcrysrs.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\kiluxnjf.dll not found!
File C:\WINDOWS\SYSTEM32\mmsooceb.dll not found!
C:\WINDOWS\SYSTEM32\vturs.dll moved successfully.
< End of log >
Created on 05/22/2007 09:44:15

#7 missionhill

Posted 22 May 2007 - 09:24 AM

It seems to be working so thanks a million and here's the hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:21:50 AM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060913
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060913
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F103A6BB-7282-4B7A-9C56-7B333AEDB227} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#8 tim s

Posted 22 May 2007 - 07:06 PM

Hi missionhill,

It seems to be working so thanks a million and here's the hijackthis log.


Your log does look better. Did you run VundoFix? I don't see the log it produces, and we need to make sure it does not find anything.

These are the same instructions from the previous post:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please post these:
C:\vundofix.txt
New HJT log

Honors Graduate of MalWare Removal University - A Cooperative Effort with WhattheTech

#9 missionhill

Posted 23 May 2007 - 11:52 AM

I scanned it again with the vundo fix and nothing came up. I think it may be gone. Thanks again.

#10 tim s

Posted 23 May 2007 - 05:48 PM

Hi missionhill,

I scanned it again with the vundo fix and nothing came up. I think it may be gone. Thanks again.

That is good to hear, but with the infection that was on your computer there are usually leftovers that need to be removed, so we need to run a scan with the next tool.

First, a leftover from the last HJT log you posted needs fixing:

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O2 - BHO: (no name) - {F103A6BB-7282-4B7A-9C56-7B333AEDB227} - C:\WINDOWS\system32\pmnlk.dll (file missing)


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

----------------------------------------------------------------

Here we are going to clean out cookies and temp files from your computer.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here. It will start to download automatically. If asked whether you want to download, let it. Save to your Desktop.
Note: If you get an Error page from this link, try again. You will see this message: Your download of CCleaner will automatically start in 5 seconds. Click here if it does not. Do not wait; go ahead and click on it.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Follow the prompts to install, then click Finish to complete the installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer,
  • All Boxes should have a check mark. (You will need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit).
  • On the Windows tab, under Windows Explorer,
  • All Boxes should have a check mark.
  • On the Windows tab, under System,
  • All Boxes should have a check mark.
  • On the Windows tab, under Advanced,
  • NO check marks
  • If you use either the Firefox or Mozilla browsers, the box to put a check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If it is already checked, move to the next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry, as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • You will need to reboot here if not asked to do so.
_______________________________

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Here we are going to just make sure this tool is set up correctly. Do not run a scan yet.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Click on Scanner on the toolbar at top of this screen.
    • Click on the Settings tab.
      • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware:
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar. A menu should pop up; choose Maximize. The AVG Anti-Spyware screen should then fit the screen a little better.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.

IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button.(3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop. I will need you to post this in your next reply.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

---------------------------------------------------------

Please post in next reply:
AVG scan report
New HJT log

Honors Graduate of MalWare Removal University - A Cooperative Effort with WhattheTech
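
The leftover entry singled out in post #10 can also be found mechanically. The following is an added example, not part of the original thread: it cross-references "(file missing)" entries in a HijackThis log with the files a removal log reports as moved or queued for reboot. The log excerpts are copied from this thread; the function names and regular expressions are assumptions made for illustration.

```python
import ntpath
import re

# Excerpt of the removal log posted earlier in this thread.
REMOVAL_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\pmnlk.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\mmsooceb.dll moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\urqpolj.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\vturs.dll moved successfully.
"""

# Excerpt of the HijackThis log from post #7.
HJT_LOG = r"""
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F103A6BB-7282-4B7A-9C56-7B333AEDB227} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
"""

# A path followed by one of the two outcomes that mean "the tool acted on it".
MOVED_RE = re.compile(
    r"([A-Za-z]:\\\S+?\.(?:dll|exe)) "
    r"(?:moved successfully|scheduled to be moved on reboot)",
    re.I,
)
# "O2 - ...", "O23 - ...", "R1 - ..." style HijackThis entries.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Last path component ending in .dll/.exe, tolerating a stray quote or arguments.
FILE_RE = re.compile(r'([^\\"]+\.(?:dll|exe))(?=["\s]|$)', re.I)
MISSING = "(file missing)"


def removed_files(log_text):
    """Lower-cased file names the removal tool moved or queued for reboot."""
    return {ntpath.basename(p).lower() for p in MOVED_RE.findall(log_text)}


def parse_entry(line):
    """Split one HijackThis line into section, target file name and missing flag."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    body = match.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    target = body.rsplit(" - ", 1)[-1]  # the path is the last " - " field
    found = FILE_RE.search(target)
    return {
        "section": match.group("section"),
        "file": found.group(1).lower() if found else None,
        "missing": missing,
        "line": line.strip(),
    }


def classify(hjt_text, removal_text):
    """Return (leftovers, unrelated) among the '(file missing)' entries."""
    removed = removed_files(removal_text)
    leftovers, unrelated = [], []
    for line in hjt_text.splitlines():
        entry = parse_entry(line)
        if not entry or not entry["missing"]:
            continue
        (leftovers if entry["file"] in removed else unrelated).append(entry)
    return leftovers, unrelated


if __name__ == "__main__":
    leftovers, unrelated = classify(HJT_LOG, REMOVAL_LOG)
    for entry in leftovers:
        print("orphaned by removal:", entry["line"])
    for entry in unrelated:
        print("review manually:   ", entry["line"])
```

Entries with no matching file in the removal log are only listed for manual review; the script draws no conclusion about them.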

#11 tim s

Posted 26 May 2007 - 09:19 PM

Hi missionhill, Are you still needing help?

Honors Graduate of MalWare Removal University - A Cooperative Effort with WhattheTech

#12 Shaba

Posted 13 June 2007 - 11:04 AM

Due to the lack of feedback, this topic is closed. If you need help, please start a new thread and post a new HJT log.
UNITE and ASAP member since 2006