Hi, Crunchie,
I have four reports for you to look at. One of them definitely shows problems:
First, the HiJackThis log using their latest software:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:07 PM, on 10/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2004\EDICT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\Documents and Settings\John Zechiel\Desktop\HiJackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.mlb.com/"); (C:\Documents and Settings\JOHN ZECHIEL\Application Data\Mozilla\Profiles\default\o8dohl6q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\JOHN ZECHIEL\Application Data\Mozilla\Profiles\default\o8dohl6q.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {535FED16-8B15-407F-B56C-1F516F2F3591} - C:\WINDOWS\System32\mlljk.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\xnqdhfii.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\qnplnhys.dll",sitypnow
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Net DDE.lnk = C:\WINDOWS\system32\netdde.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .html: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191450472234
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O18 - Protocol: msell2 - {9367D24B-8506-471A-915A-CFBB4BCEB631} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\MSELL2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe
--
End of file - 7370 bytes
=======================================
Next, the scan of netdde.exe:
File: netdde.exe
Status:
OK
MD5: f2231f717daca380856ec3256a4da8b7
Packers detected:
-
Bit9 reports: No threat detected, but known vulnerabilities exist
Scanner results
Scan taken on 10 Oct 2007 04:03:54 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
=========================
I had my son do a scan of a very suspicious DLL that appears in the system32 directory and was created yesterday! Here's that report:
File: qnplnhys.dll
Status:
INFECTED/MALWARE
MD5: da539b0ddec6204137717cca9e34533c
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 10 Oct 2007 04:07:01 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Dldr.ConHook.Gen
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Lop
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found Win32/Adware.Virtumonde application
Norman Virus Control
Found Vundo.gen41
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
===================================
Finally, here's the Silent Runners report:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RealPlayer" = ""C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot" ["RealNetworks, Inc."]
"googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"USRpdA" = "C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" ["U.S. Robotics Corporation"]
"IMONTRAY" = "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [empty string]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"mcagent_exe" = "C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SearchIndexer" = "rundll32.exe "C:\WINDOWS\System32\qnplnhys.dll",sitypnow" [MS]
"TraySantaCruz" = "C:\WINDOWS\system32\tbctray.exe" ["Voyetra Turtle Beach, Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{535FED16-8B15-407F-B56C-1F516F2F3591}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\mlljk.dll" [null data]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."]
{89AD4D75-2429-462e-BD4E-443F233F6033}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\xnqdhfii.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
-> {HKLM...CLSID} = "Microsoft Office Binder Explode"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{B988C8B2-373B-11CF-B6E0-00AA00BBBA9E}" = "ICCompPropPage"
-> {HKLM...CLSID} = "ImageComposer.CompositionPropertyPage"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Image Composer\SERVER.DLL" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
-> {HKLM...CLSID} = "CtxMenu Class"
\InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcctxmnu.dll" ["McAfee, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"
-> {HKLM...CLSID} = "CtxMenu Class"
\InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan\mcctxmnu.dll" ["McAfee, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\John Zechiel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\John Zechiel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sspipes.scr" [MS]
Startup items in "John Zechiel" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Microsoft Find Fast" -> shortcut to: "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Microsoft Office Shortcut Bar" -> shortcut to: "C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE" [MS]
"Net DDE" -> shortcut to: "C:\WINDOWS\system32\netdde.exe" [MS]
"Office Startup" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Encarta &Researcher"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Researcher"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Intel(R) Active Monitor, imonNT, "C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe" ["Intel Corp."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
McAfee Network Agent, McNASvc, ""c:\program files\common files\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe" ["McAfee, Inc."]
tbaspi, tbaspi, "C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe" ["Voyetra Turtle Beach, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP LaserJet 5 Language Monitor\Driver = "HPDCMON.DLL" ["Hewlett-Packard"]
HPZLNT09\Driver = "hpzlnt09.dll" ["HP"]
LPR Port\Driver = "lprmon.dll" [MS]
PDF Port\Driver = "C:\WINDOWS\System32\pdfports.dll" ["Adobe Systems Incorporated."]
---------- (launch time: 2007-10-09 21:13:35)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 308 seconds, including 15 seconds for message boxes)
==============
Many thanks for all your help. Visit me at http://www.zechiel.com if you want to see me (David) and my poor son (John).
Sincerely,
David Zechiel