HijackThis log - need help


Post by scottp » April 15th, 2007, 2:51 pm

I hope somebody can help me. I have nasty malware and have tried a lot of different things and it always comes back. I get the ManiaTv and other video feeds, etc. without warning.

thanks,

Scott





Logfile of HijackThis v1.99.1
Scan saved at 11:39:46 AM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft IntelliPoint\bak\point32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Siber Systems\AI RoboForm\Passcards.exe
C:\WINDOWS\system32\DllHost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c157892a-81f5-445c-a5e7-04439e197413} - C:\WINDOWS\system32\expmpr.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "C:\Documents and Settings\Scott\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log" -y
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\awtsqp.dll",realset
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Startup: dialog tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: XWins - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IECloseWindows - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: IEHelp - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IEHelper - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://vault.alamode.com
O15 - Trusted Zone: http://www.socalappraisal.net
O15 - Trusted Zone: *.wwwalamode.com
O15 - Trusted Zone: http://www.xsitesnetwork.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3447951145
O16 - DPF: {999D162F-1319-48F0-A7DB-886C582EE2C6} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B9D71543-E32B-4EAD-83C1-5B4001B0CE80} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C38F2056-BBEE-4FFA-BD07-588081487B32} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB
O16 - DPF: {DDC55619-838F-4CA8-85E8-56EB8E0846FA} (CCRUMIEConnector Class) - http://boltpeters.com/ethnio/EthnioParticipant.CAB
O16 - DPF: {E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} - http://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\Software\..\Telephony: DomainName = pettifer
O17 - HKLM\System\CCS\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS1\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS2\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: expmpr - C:\WINDOWS\SYSTEM32\expmpr.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE" -i ALAMODE (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Post by tim s » April 18th, 2007, 6:09 pm

Hello scottp,

Welcome to the MalWare Removal forums! Sorry for the delay in getting a reply.
I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.

----------------------------------------------------------------

Please do the following.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Note: Please uncheck Word Wrap under Format in Notepad.

Post HJT Uninstall list in next reply

---------------------------------------------------------------------------


Please disable programs that can interfere with the fix.

Disable SpywareDoctor's realtime protection.

  • Open Spyware Doctor
  • Click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • Exit the program.

--------------------------------------------------------------------

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

---------------------------------------------------------------------

Please post these in your next reply to this thread:

HJT uninstall list
C:\vundofix.txt
A new HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by scottp » April 19th, 2007, 1:17 pm

Per your instructions, the vundo files could not be removed after attempting several times and rebooting. Also, I have Spyware Doctor disabled as Version 5.0 slows my machine down to a crawl. Thanks again.

Scott




@Value Cash Flow Analysis Suite 5.5
@Value Narrative 4.0
@Value PDF Writer
a la mode Vault
Adams Streetwise Letters 1.0
Ad-Aware SE Personal
Add Email Address for Outlook
Adobe Acrobat 7.0.5 Professional
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
AI RoboForm (All Users)
AI RoboForm for Pocket PC
ALPS Touch Pad Driver
America Online (Choose which version to remove)
Apex IV (TM) Appraiser - v2.9
ASAP Utilities
Attachment Save
Auto Print for Outlook
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
AVG 7.5
BL 2001 Registration
BlackBerry Desktop Software 4.1
BlackBerry Desktop Software 4.1
BlackBerry v4.1.0 for the 8700 Series Wireless Handheld
Bluetooth Stack for Windows by Toshiba
Business Contact Manager for Outlook 2003
CardScan 6.0.4
CD/DVD Drive Acoustic Silencer
ClearEdits
Dictionary
Diskeeper Professional Edition
Drag'n Drop CD+DVD
Dragon NaturallySpeaking 8
DVD-RAM Driver
Email Reminders for Outlook
ExplorerPlus 6
Fast Directory Finder
Google Desktop
Google Desktop System Monitor Plugin
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Web Accelerator
GPS Information
Hide Fax Numbers for Outlook
HijackThis 1.99.1
Hotfix for Windows XP (KB890927)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB915865)
ieSpell 2.0.1 (build 325)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wireless
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
KB2005
KeyMaestro Input Device Driver V2.0.W-127AC MUL
LaserJet 1020 series
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Locked Programs
Logitech Harmony Remote Software V5
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 3.8
Microsoft Data Access Components KB870669
Microsoft Easy Assist
Microsoft Office Live Meeting 2005
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Outlook Web Access S/MIME
Microsoft SQL Server Desktop Engine (ALAMODE)
Microsoft Visual C++ Redist - ENU
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
Olympus DSS Player Pro
Opera 9.0
Paint Shop Pro 5.01
PDF-XChange 3
Picasa 2
PrintMe Driver for Windows
QBFC3.0
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken Business Lawyer 2001
RealPlayer
Registry Mechanic 6.0
Report Concierge 1.0.426
Report Concierge Live Update
RoadRunner
RogueRemover PRO
Samsung CLP-550 Series
ScanSoft PDF Converter 2.0
Schedule Recurring Email for Outlook
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SnagIt 7
SoundMAX
Spyware Doctor 5.0
SupportSoft Assisted Service
The Plain-Language Law Dictionary
TOSHIBA Audio Effect
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Dual Pointing Device Utility
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA IPPhone
TOSHIBA Mobile Extension3 for Windows XP V3.59.00.XP
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
TOSHIBA Zooming Utility
UltraMon
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
Virtual Earth 3D (Beta)
Watch Outlook Folders for Outlook
WaveL Pic2Pic
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Resource Kit Tools - SubInAcl.exe
Windows SD Host Controller Driver
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Wireless Hotkey




VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 8:32:48 PM 4/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\expmpr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\expmpr.dll
C:\WINDOWS\system32\expmpr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 8:51:46 PM 4/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\expmpr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\expmpr.dll
C:\WINDOWS\system32\expmpr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\expmpr.dll
C:\WINDOWS\system32\expmpr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 9:07:03 PM 4/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\expmpr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\expmpr.dll
C:\WINDOWS\system32\expmpr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\expmpr.dll
C:\WINDOWS\system32\expmpr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...




Logfile of HijackThis v1.99.1
Scan saved at 9:49:36 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp55.tmp.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c157892a-81f5-445c-a5e7-04439e197413} - C:\WINDOWS\system32\expmpr.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "C:\Documents and Settings\Scott\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log" -y
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opolll.dll",realset
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: dialog tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: XWins - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IECloseWindows - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: IEHelp - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IEHelper - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://vault.alamode.com
O15 - Trusted Zone: http://www.socalappraisal.net
O15 - Trusted Zone: *.wwwalamode.com
O15 - Trusted Zone: http://www.xsitesnetwork.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3447951145
O16 - DPF: {999D162F-1319-48F0-A7DB-886C582EE2C6} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B9D71543-E32B-4EAD-83C1-5B4001B0CE80} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C38F2056-BBEE-4FFA-BD07-588081487B32} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB
O16 - DPF: {DDC55619-838F-4CA8-85E8-56EB8E0846FA} (CCRUMIEConnector Class) - http://boltpeters.com/ethnio/EthnioParticipant.CAB
O16 - DPF: {E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} - http://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\Software\..\Telephony: DomainName = pettifer
O17 - HKLM\System\CCS\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS1\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS2\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: expmpr - C:\WINDOWS\SYSTEM32\expmpr.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE" -i ALAMODE (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Post by tim s » April 19th, 2007, 7:55 pm

Hello scottp,

OK, this file doesn't want to be removed. Before we pull out the big guns to take care of this, I need to see more.

I need you to run this tool to show things that HijackThis doesn't. I need to see what else may be hiding.

Please do the following.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-ControlSets
    • Put a checkmark in the box next to Reg-File Associations
    • Put a checkmark in the box next to Reg-Security Settings
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by scottp » April 20th, 2007, 4:28 am

Here is the WinPfind3U.exe log. I assumed, since you did not mention it, that the box (non-Microsoft) should remain checked. I ran it the other way too if you need that.

thanks

scott

WinPFind3 logfile created on: 4/20/2007 12:41:39 AM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Scott\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1023.30 Mb Total Physical Memory | 461.28 Mb Available Physical Memory | 45.08% Memory free
2.41 Gb Paging File | 1.74 Gb Available in Paging File | 72.23% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.97 Gb Free Space | 10.64% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 111.81 Gb Total Space | 46.26 Gb Free Space | 41.37% Space Free

Computer Name: KOBETOSHIBA
Current User Name: Scott
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
1xconfig.exe -> %System32%\1XConfig.exe -> Intel [Ver = 8, 0, 0, 161 | Size = 184320 bytes | Modified Date = 12/16/2003 4:43:06 PM | Attr = ]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/17/2007 3:31:58 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/17/2007 3:32:00 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/11/2006 10:03:54 AM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 6:05:54 PM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 5:51:22 PM | Attr = ]
dm1service.exe -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 3/1/2004 2:39:26 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 2:38:26 PM | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:34 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 3/22/2007 5:38:26 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 3/22/2007 5:38:26 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 3/22/2007 5:38:26 PM | Attr = ]
googlewebaccclient.exe -> %ProgramFiles%\Google\Web Accelerator\googlewebaccclient.exe -> [Ver = | Size = 1679360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
googlewebaccwarden.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 655360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4634 | Size = 77824 bytes | Modified Date = 12/10/2003 7:50:00 AM | Attr = ]
nxdlghlp.exe -> %ProgramFiles%\Novatix\ExplorerPlus\Nxdlghlp.exe -> Novatix Corporation [Ver = 6.0.0.1 | Size = 65536 bytes | Modified Date = 10/14/2003 8:15:46 AM | Attr = ]
nxexplo.exe -> %ProgramFiles%\Novatix\ExplorerPlus\NxExplo.exe -> [Ver = | Size = 1130496 bytes | Modified Date = 4/23/2004 5:20:00 AM | Attr = ]
qbupdate.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 17.0 R6 | Size = 972320 bytes | Modified Date = 3/1/2007 4:55:18 AM | Attr = ]
regsrvc.exe -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 4:41:40 PM | Attr = ]
robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-1 | Size = 160832 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
s24evmon.exe -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 4:42:32 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.33 | Size = 809040 bytes | Modified Date = 4/11/2007 9:36:52 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ]
snagit32.exe -> %ProgramFiles%\TechSmith\SnagIt 7\SnagIt32.exe -> TechSmith Corporation [Ver = 7.2.5.0 | Size = 3719168 bytes | Modified Date = 10/14/2005 8:25:00 AM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.19 | Size = 707664 bytes | Modified Date = 4/11/2007 9:36:42 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.56 | Size = 1301584 bytes | Modified Date = 4/11/2007 9:36:48 PM | Attr = ]
swupdtmr.exe -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 10/21/2003 12:26:14 PM | Attr = ]
tmesbs32.exe -> %ProgramFiles%\Toshiba\TME3\tmesbs32.exe -> TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Modified Date = 8/1/2003 3:56:02 PM | Attr = ]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Modified Date = 12/9/2003 9:50:54 PM | Attr = ]
tschelp.exe -> %ProgramFiles%\TechSmith\SnagIt 7\TSCHelp.exe -> TechSmith Corporation [Ver = 1.0.0 | Size = 26112 bytes | Modified Date = 1/7/2005 5:23:06 PM | Attr = ]
ultramon.exe -> %ProgramFiles%\UltraMon\UltraMon.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 304640 bytes | Modified Date = 9/27/2006 10:38:52 PM | Attr = ]
ultramontaskbar.exe -> %ProgramFiles%\UltraMon\UltraMonTaskbar.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 258048 bytes | Modified Date = 9/27/2006 10:39:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
zcfgsvc.exe -> %System32%\ZCfgSvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 376832 bytes | Modified Date = 12/16/2003 4:47:42 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 5/30/2005 12:40:36 AM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/17/2007 3:31:58 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/11/2006 10:03:54 AM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 6:05:54 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 5:51:22 PM | Attr = ]
(DM1Service) DM1Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 3/1/2004 2:39:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 2:38:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 2:48:24 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4634 | Size = 77824 bytes | Modified Date = 12/10/2003 7:50:00 AM | Attr = ]
(QBCFMonitorService) QBCFMonitorService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 1.0.2616.5547 | Size = 20480 bytes | Modified Date = 3/1/2007 4:04:58 AM | Attr = ]
(QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> Intuit Inc. [Ver = 1.1.0.5 | Size = 65536 bytes | Modified Date = 11/9/2006 4:30:14 PM | Attr = ]
(QuickBooksDB17) QuickBooksDB17 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intuit\QuickBooks 2005\QBDBMgrN.exe -> iAnywhere Solutions, Inc. [Ver = 9.0.2.3267 | Size = 128536 bytes | Modified Date = 9/13/2006 11:32:12 AM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 4:41:40 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 4:42:32 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.19 | Size = 707664 bytes | Modified Date = 4/11/2007 9:36:42 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.56 | Size = 1301584 bytes | Modified Date = 4/11/2007 9:36:48 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 10/21/2003 12:26:14 PM | Attr = ]
(Tmesbs) Tmesbs32 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\tmesbs32.exe -> TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Modified Date = 8/1/2003 3:56:02 PM | Attr = ]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Modified Date = 12/9/2003 9:50:54 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/17/2007 3:32:00 AM | Attr = ]
BootService -> %SystemRoot%\byyyay.dll [rundll32.exe "C:\WINDOWS\byyyay.dll",realset] -> [Ver = | Size = 106767 bytes | Modified Date = 4/19/2007 8:18:40 PM | Attr = ]
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 7/26/2005 5:52:24 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 3/22/2007 5:38:26 PM | Attr = ]
QuickBooksDB17 -> C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "%LocalAppData%\Intuit\QuickBooks\Log\DBStartup.log -> File not found
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.33 | Size = 809040 bytes | Modified Date = 4/11/2007 9:36:52 PM | Attr = ]
SoundService -> %SystemRoot%\hggede.DLL [rundll32.exe "C:\WINDOWS\hggede.dll",setvm] -> File not found
The Assistant -> %ProgramFiles%\a la mode\Sched\eSched.exe -> File not found
UltraMon -> %ProgramFiles%\UltraMon\UltraMon.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 304640 bytes | Modified Date = 9/27/2006 10:38:52 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-1 | Size = 160832 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Modified Date = 8/18/2005 12:49:06 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 11/5/2005 8:15:14 PM | Attr = R ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 17.0 R6 | Size = 972320 bytes | Modified Date = 3/1/2007 4:55:18 AM | Attr = ]
%AllUsersStartup%\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 655360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
%AllUsersStartup%\SnagIt 7.lnk -> %ProgramFiles%\TechSmith\SnagIt 7\SnagIt32.exe -> TechSmith Corporation [Ver = 7.2.5.0 | Size = 3719168 bytes | Modified Date = 10/14/2005 8:25:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Scott\Start Menu\Programs\Startup
%UserStartup%\dialog tracker.lnk -> %ProgramFiles%\Novatix\ExplorerPlus\Nxdlghlp.exe -> Novatix Corporation [Ver = 6.0.0.1 | Size = 65536 bytes | Modified Date = 10/14/2003 8:15:46 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.703.13372 | Size = 143360 bytes | Modified Date = 3/22/2007 5:38:34 PM | Attr = ]
C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL -> %ProgramFiles%\Google\Web Accelerator\fastsearch.dll -> Google Inc. [Ver = 1, 0, 0, 29 | Size = 364544 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
expmpr -> %System32%\expmpr.dll -> [Ver = | Size = 19718 bytes | Modified Date = 3/18/2007 7:59:34 PM | Attr = ]
Sebring -> %System32%\LgNotify.dll -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 110592 bytes | Modified Date = 12/16/2003 4:49:34 PM | Attr = ]
< HOSTS File > (51072 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.toshiba.com ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Search Bar -> http://www.google.com/ie ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://google.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
//wellsfargo.exactbid.com [htttps] -> ->
vault_alamode.com [http] -> ->
cbt_ebanking-services.com [https] -> ->
webclient_myblackberry.us [https] -> ->
www_socalappraisal.net [http] -> ->
wwwalamode.com [*] -> ->
www_xsitesnetwork.com [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 10:12:08 PM | Attr = ]
{11359F4A-B191-42d7-905A-594F8CF0387B} [HKLM] -> %SystemRoot%\Downloaded Program Files\CONFLICT.1\lexbar.dll [Dictionary.com] -> [Ver = | Size = 270336 bytes | Modified Date = 2/6/2003 8:16:34 AM | Attr = ]
{1557B435-8242-4686-9AA3-9265BF7525A4} [HKLM] -> %System32%\tmp55.tmp.dll [Reg Data - Value does not exist] -> [Ver = | Size = 37938 bytes | Modified Date = 4/18/2007 1:04:20 PM | Attr = ]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{7c1ce531-09e9-4fc5-9803-1c2956615786} [HKLM] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIE.dll [IeCaptureBho Object] -> Google [Ver = 5.1.703.13372 | Size = 108032 bytes | Modified Date = 3/22/2007 5:38:28 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{c157892a-81f5-445c-a5e7-04439e197413} [HKLM] -> %System32%\expmpr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 19718 bytes | Modified Date = 3/18/2007 7:59:34 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{11359F4A-B191-42D7-905A-594F8CF0387B} [HKLM] -> %SystemRoot%\Downloaded Program Files\CONFLICT.1\lexbar.dll [Dictionary.com] -> [Ver = | Size = 270336 bytes | Modified Date = 2/6/2003 8:16:34 AM | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKLM] -> [&Links] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM [ButtonText: ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> Reg Data - Key not found [MenuText: ieSpell Options] -> File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [ButtonText: Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [ButtonText: Save] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F4C} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComOptions.htm [ButtonText: Options] -> File not found
{45DB34C3-955C-11D3-ABEF-444553540001} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComEditPass.htm [ButtonText: Passcards] -> File not found
{53A008B9-E8B5-4d83-87D9-D444C3F496CF} -> Reg Data - Value does not exist [ButtonText: XWins] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [ButtonText: RoboForm] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{EA858A55-5185-4079-8721-507905E37CD4} -> Reg Data - Value does not exist [ButtonText: IEHelp] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&ieSpell Options -> %ProgramFiles%\ieSpell\iespell.dll\SPELLOPTION.HTM -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Customize Menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Fill Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found
Open PDF in Word (PDF Converter 2.0) -> %ProgramFiles%\ScanSoft\PDF Converter 2.0\IEShellExt.dll -> ScanSoft, Inc. [Ver = 2.0.2004.4294 | Size = 40960 bytes | Modified Date = 4/29/2004 9:58:50 AM | Attr = ]
RoboForm Toolbar -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found
Save Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found
Search &Dictionary -> %ProgramFiles%\Lexico\Toolbar\dictionary.htm -> [Ver = | Size = 1103 bytes | Modified Date = 1/11/2003 10:23:38 AM | Attr = ]
Search &Thesaurus -> %ProgramFiles%\Lexico\Toolbar\thesaurus.htm -> [Ver = | Size = 1104 bytes | Modified Date = 1/11/2003 10:24:04 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
image_azv -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{00971FC6-A25C-4D74-9C1E-9F1008A319BD} -> 10.10.10.200,65.106.1.196,65.106.7.196 (Intel(R) PRO/1000 MT Mobile Connection) ->
{05A2D896-57D4-4E95-8451-28A02EC3C2C2} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{08C74418-A496-4E76-8E1E-D061794E858D} -> (Intel(R) PRO/Wireless 2100 LAN 3B Mini PCI Adapter) ->
{7E0A5240-3ECB-455E-9344-822244FA20AA} -> () ->
{F8CAAA42-DB74-4EA9-B5C1-362F6A855FA9} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000038 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000039 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
x-excid -> %SystemRoot%\Downloaded Program Files\mimectl.dll -> [Ver = | Size = 370688 bytes | Modified Date = 4/2/2004 1:05:30 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01113300-3E00-11D2-8470-0060089874ED} -> Support.com Configuration Class - CodeBase = http://activation.rr.com/install/downloads/tgctlcm.cab ->
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} -> SentinelVE3D Class - CodeBase = http://download.microsoft.com/download/ ... arth3D.cab ->
{106E49CF-797A-11D2-81A2-00E02C015623} -> AlternaTIFF ActiveX - CodeBase = http://www.alternatiff.com/install/00/alttiff.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835 ->
{1842B0EE-B597-11D4-8997-00104BD12D94} -> iCC Class - CodeBase = http://www.pcpitstop.com/internet/pcpConnCheck.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab ->
{31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} -> alaImportExport.ImportExport - CodeBase = http://wbsvc.alamode.com/ImportExport/ImportExport.CAB ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... /opuc3.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.av.aol.com/molbin/share ... insctl.cab ->
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} -> Remote Access ActiveX Client - CodeBase = https://secure.logmein.com/activex/RACtrl.cab ->
{626FE447-E830-4F76-A024-41A20EEECF1A} -> RyzeAddrCtrl Class - CodeBase = http://www.ryze.com/RyzeAddr.CAB ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 3447951145 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{999D162F-1319-48F0-A7DB-886C582EE2C6} -> - CodeBase = file://Z:\CONTENT\cabs\alaWeb.CAB ->
{A7DB6550-3269-11D4-8C30-0001023CA9DC} -> Vault Files Downloader - CodeBase = https://vault.alamode.com/cab/vfd.cab ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{AED6797A-D608-11D4-89D2-00105AA3C57F} -> alaGrid.TechDocSearch - CodeBase = file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB ->
{B9D71543-E32B-4EAD-83C1-5B4001B0CE80} -> - CodeBase = file://Z:\CONTENT\cabs\alaWeb.CAB ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.av.aol.com/molbin/share ... cgdmgr.cab ->
{C38F2056-BBEE-4FFA-BD07-588081487B32} -> alaImportExport.ImportExport - CodeBase = http://wbsvc.alamode.com/ImportExport/ImportExport.CAB ->
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CD27EEF6-55B8-4F24-99C5-E1191D814445} -> alaWeb5.cUtil - CodeBase = file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{DDC55619-838F-4CA8-85E8-56EB8E0846FA} -> CCRUMIEConnector Class - CodeBase = http://boltpeters.com/ethnio/EthnioParticipant.CAB ->
{E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} -> - CodeBase = http://vault.alamode.com/cab/vaultinstall.cab ->
{F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} -> - CodeBase = http://dictionary.reference.com/tools/t ... lexico.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ControlSets > ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 1 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Security Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\System32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 30189 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ -> ->
Key not found -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{823FCCBC-9A2B-4190-836E-0FF20597A92E} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{05A2D896-57D4-4E95-8451-28A02EC3C2C2} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F8CAAA42-DB74-4EA9-B5C1-362F6A855FA9} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{00971FC6-A25C-4D74-9C1E-9F1008A319BD} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

[Files/Folders - Created Within 60 days]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 52053 bytes | Created Date = 4/19/2007 3:30:11 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/18/2007 7:32:48 PM | Attr = ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 3/12/2007 4:44:36 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 3/12/2007 4:54:40 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 3/12/2007 4:50:40 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 3:05:29 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 3/12/2007 4:44:59 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 3/12/2007 4:55:50 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 3/12/2007 4:55:31 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 3/12/2007 4:43:20 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 3/12/2007 4:55:04 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 3/12/2007 4:42:53 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/19/2007 6:30:36 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/10/2007 5:30:36 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/10/2007 5:31:03 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/10/2007 5:32:06 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 3/12/2007 4:50:07 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/10/2007 5:29:55 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 4/7/2007 1:49:36 PM | Attr = H ]
adfhii.ini -> %SystemRoot%\adfhii.ini -> [Ver = | Size = 1206396 bytes | Created Date = 4/15/2007 2:28:55 PM | Attr = HS]
alaredun.ini -> %SystemRoot%\alaredun.ini -> [Ver = | Size = 34668 bytes | Created Date = 3/30/2007 4:25:11 PM | Attr = ]
byyyay.dll -> %SystemRoot%\byyyay.dll -> [Ver = | Size = 106767 bytes | Created Date = 4/19/2007 7:18:38 PM | Attr = ]
cdgffe.ini -> %SystemRoot%\cdgffe.ini -> [Ver = | Size = 1110552 bytes | Created Date = 4/15/2007 9:11:43 PM | Attr = HS]
dccbay.ini -> %SystemRoot%\dccbay.ini -> [Ver = | Size = 1095814 bytes | Created Date = 4/16/2007 7:34:10 PM | Attr = HS]
dghgjl.ini -> %SystemRoot%\dghgjl.ini -> [Ver = | Size = 1456759 bytes | Created Date = 4/9/2007 7:57:03 PM | Attr = HS]
edeggh.ini -> %SystemRoot%\edeggh.ini -> [Ver = | Size = 1456186 bytes | Created Date = 4/4/2007 12:59:58 AM | Attr = HS]
gjjilm.ini -> %SystemRoot%\gjjilm.ini -> [Ver = | Size = 1457032 bytes | Created Date = 4/8/2007 7:27:20 PM | Attr = HS]
ilooqr.ini -> %SystemRoot%\ilooqr.ini -> [Ver = | Size = 1206804 bytes | Created Date = 4/15/2007 5:11:45 PM | Attr = HS]
lllopo.ini -> %SystemRoot%\lllopo.ini -> [Ver = | Size = 993919 bytes | Created Date = 4/17/2007 11:49:49 PM | Attr = HS]
moqrqr.ini -> %SystemRoot%\moqrqr.ini -> [Ver = | Size = 1456243 bytes | Created Date = 4/1/2007 11:42:16 PM | Attr = HS]
nprtut.ini -> %SystemRoot%\nprtut.ini -> [Ver = | Size = 1456261 bytes | Created Date = 4/1/2007 2:11:57 PM | Attr = HS]
PestPatrol5.INI -> %SystemRoot%\PestPatrol5.INI -> [Ver = | Size = 0 bytes | Created Date = 4/13/2007 7:33:36 PM | Attr = ]
pqstwa.ini -> %SystemRoot%\pqstwa.ini -> [Ver = | Size = 1206471 bytes | Created Date = 4/13/2007 2:18:16 PM | Attr = HS]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/15/2007 5:35:14 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/15/2007 5:35:14 PM | Attr = H ]
ruuwwa.ini -> %SystemRoot%\ruuwwa.ini -> [Ver = | Size = 1456123 bytes | Created Date = 4/6/2007 9:13:50 AM | Attr = HS]
suxyxx.ini -> %SystemRoot%\suxyxx.ini -> [Ver = | Size = 355 bytes | Created Date = 3/29/2007 12:24:27 PM | Attr = HS]
uwxbay.ini -> %SystemRoot%\uwxbay.ini -> [Ver = | Size = 1456306 bytes | Created Date = 4/6/2007 11:31:58 PM | Attr = HS]
wabddd.ini -> %SystemRoot%\wabddd.ini -> [Ver = | Size = 1205976 bytes | Created Date = 4/10/2007 9:36:34 PM | Attr = HS]
xaybcf.ini -> %SystemRoot%\xaybcf.ini -> [Ver = | Size = 1456606 bytes | Created Date = 3/25/2007 11:15:28 PM | Attr = HS]
yaddeg.tmp -> %SystemRoot%\yaddeg.tmp -> [Ver = | Size = 1456183 bytes | Created Date = 3/24/2007 3:55:20 PM | Attr = HS]
yayyyb.ini -> %SystemRoot%\yayyyb.ini -> [Ver = | Size = 994276 bytes | Created Date = 4/19/2007 7:18:39 PM | Attr = HS]
ybehkj.ini -> %SystemRoot%\ybehkj.ini -> [Ver = | Size = 1456123 bytes | Created Date = 4/3/2007 10:42:43 AM | Attr = HS]
bak -> %System32%\bak -> [Folder | Created Date = 3/18/2007 6:49:33 PM | Attr = ]
expmpr.dll -> %System32%\expmpr.dll -> [Ver = | Size = 19718 bytes | Created Date = 3/18/2007 6:59:33 PM | Attr = ]
sys} -> %System32%\sys} -> [Folder | Created Date = 2/22/2007 10:35:27 AM | Attr = ]
tmp55.tmp.dll -> %System32%\tmp55.tmp.dll -> [Ver = | Size = 37938 bytes | Created Date = 4/18/2007 12:04:18 PM | Attr = ]
tmp5E.tmp.dll -> %System32%\tmp5E.tmp.dll -> [Ver = | Size = 37658 bytes | Created Date = 4/17/2007 12:05:28 AM | Attr = ]
tmp80.tmp.dll -> %System32%\tmp80.tmp.dll -> [Ver = | Size = 37658 bytes | Created Date = 4/18/2007 12:40:44 AM | Attr = ]
yabbc.exe -> %System32%\yabbc.exe -> [Ver = | Size = 27290 bytes | Created Date = 3/18/2007 6:59:32 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 3/22/2007 4:54:31 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Created Date = 4/16/2007 8:00:04 AM | Attr = ]

[Files/Folders - Modified Within 60 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/11/2007 6:33:24 PM | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/19/2007 12:20:28 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073074176 bytes | Modified Date = 4/19/2007 11:06:02 PM | Attr = HS]
Inetpub -> %SystemDrive%\Inetpub -> [Folder | Modified Date = 3/27/2007 1:25:56 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/19/2007 12:19:10 PM | Attr = ]
unzipped -> %SystemDrive%\unzipped -> [Folder | Modified Date = 3/23/2007 11:57:50 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 52053 bytes | Modified Date = 4/19/2007 4:30:12 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/18/2007 9:24:24 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/20/2007 12:20:12 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/10/2007 2:21:10 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 3/12/2007 5:44:38 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Modified Date = 3/12/2007 5:54:42 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 3/12/2007 5:50:42 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 4:05:32 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 3/12/2007 5:45:02 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 3/12/2007 5:55:52 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 3/12/2007 5:55:34 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 3/12/2007 5:43:24 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 3/12/2007 5:55:06 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 3/12/2007 5:42:56 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/19/2007 7:30:38 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/10/2007 6:30:38 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/10/2007 6:31:08 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/10/2007 6:32:08 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 3/12/2007 5:50:08 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/10/2007 6:29:58 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 4/7/2007 2:49:38 PM | Attr = H ]
adfhii.ini -> %SystemRoot%\adfhii.ini -> [Ver = | Size = 1206396 bytes | Modified Date = 4/15/2007 3:29:04 PM | Attr = HS]
alamode.ini -> %SystemRoot%\alamode.ini -> [Ver = | Size = 4617 bytes | Modified Date = 3/30/2007 5:26:26 PM | Attr = ]
alaredun.ini -> %SystemRoot%\alaredun.ini -> [Ver = | Size = 34668 bytes | Modified Date = 3/30/2007 5:25:12 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/7/2007 4:23:58 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/19/2007 11:06:14 PM | Attr = S]
byyyay.dll -> %SystemRoot%\byyyay.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/19/2007 8:18:40 PM | Attr = ]
cdgffe.ini -> %SystemRoot%\cdgffe.ini -> [Ver = | Size = 1110552 bytes | Modified Date = 4/16/2007 8:29:26 PM | Attr = HS]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 4/19/2007 12:05:08 PM | Attr = HS]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 3/27/2007 1:25:28 AM | Attr = ]
dccbay.ini -> %SystemRoot%\dccbay.ini -> [Ver = | Size = 1095814 bytes | Modified Date = 4/18/2007 12:36:06 AM | Attr = HS]
dghgjl.ini -> %SystemRoot%\dghgjl.ini -> [Ver = | Size = 1456759 bytes | Modified Date = 4/10/2007 8:47:20 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/16/2007 3:04:34 PM | Attr = S]
edeggh.ini -> %SystemRoot%\edeggh.ini -> [Ver = | Size = 1456186 bytes | Modified Date = 4/4/2007 5:29:26 PM | Attr = HS]
gjjilm.ini -> %SystemRoot%\gjjilm.ini -> [Ver = | Size = 1457032 bytes | Modified Date = 4/9/2007 8:01:48 PM | Attr = HS]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/17/2007 1:22:58 AM | Attr = ]
iis6.BAK -> %SystemRoot%\iis6.BAK -> [Ver = | Size = 2117835 bytes | Modified Date = 3/27/2007 1:26:14 AM | Attr = ]
ilooqr.ini -> %SystemRoot%\ilooqr.ini -> [Ver = | Size = 1206804 bytes | Modified Date = 4/15/2007 9:59:16 PM | Attr = HS]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/10/2007 6:31:16 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/14/2007 7:41:12 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/16/2007 8:57:32 AM | Attr = HS]
lllopo.ini -> %SystemRoot%\lllopo.ini -> [Ver = | Size = 993919 bytes | Modified Date = 4/19/2007 8:15:20 PM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Modified Date = 2/27/2007 9:39:34 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/13/2007 2:39:26 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/8/2007 10:58:46 AM | Attr = ]
moqrqr.ini -> %SystemRoot%\moqrqr.ini -> [Ver = | Size = 1456243 bytes | Modified Date = 4/2/2007 1:25:22 PM | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/10/2007 7:47:06 PM | Attr = ]
nprtut.ini -> %SystemRoot%\nprtut.ini -> [Ver = | Size = 1456261 bytes | Modified Date = 4/1/2007 8:00:10 PM | Attr = HS]
Options -> %SystemRoot%\Options -> [Folder | Modified Date = 4/15/2007 8:37:58 PM | Attr = ]
PestPatrol5.INI -> %SystemRoot%\PestPatrol5.INI -> [Ver = | Size = 0 bytes | Modified Date = 4/13/2007 8:33:38 PM | Attr = ]
pqstwa.ini -> %SystemRoot%\pqstwa.ini -> [Ver = | Size = 1206471 bytes | Modified Date = 4/15/2007 12:04:00 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/20/2007 12:35:24 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/2/2007 1:37:08 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4/15/2007 6:35:16 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/19/2007 4:30:50 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/19/2007 2:03:38 AM | Attr = ]
ruuwwa.ini -> %SystemRoot%\ruuwwa.ini -> [Ver = | Size = 1456123 bytes | Modified Date = 4/7/2007 12:05:06 AM | Attr = HS]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/19/2007 1:50:08 PM | Attr = ]
suxyxx.ini -> %SystemRoot%\suxyxx.ini -> [Ver = | Size = 355 bytes | Modified Date = 3/29/2007 2:56:40 PM | Attr = HS]
swupdate.INI -> %SystemRoot%\swupdate.INI -> [Ver = | Size = 67 bytes | Modified Date = 2/27/2007 9:39:30 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/22/2007 5:53:24 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 4/19/2007 12:20:28 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/18/2007 9:25:00 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/22/2007 2:12:40 AM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 4/19/2007 11:10:00 PM | Attr = ]
TUTORI~1.INI -> %SystemRoot%\TUTORI~1.INI -> [Ver = | Size = 56 bytes | Modified Date = 3/1/2007 8:17:18 PM | Attr = ]
uwxbay.ini -> %SystemRoot%\uwxbay.ini -> [Ver = | Size = 1456306 bytes | Modified Date = 4/8/2007 7:32:24 PM | Attr = HS]
wabddd.ini -> %SystemRoot%\wabddd.ini -> [Ver = | Size = 1205976 bytes | Modified Date = 4/13/2007 3:18:16 PM | Attr = HS]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 2046 bytes | Modified Date = 4/19/2007 4:30:14 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/12/2007 5:52:58 PM | Attr = ]
xaybcf.ini -> %SystemRoot%\xaybcf.ini -> [Ver = | Size = 1456606 bytes | Modified Date = 3/28/2007 4:43:28 PM | Attr = HS]
yaddeg.tmp -> %SystemRoot%\yaddeg.tmp -> [Ver =
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Post by tim s » April 20th, 2007, 7:15 am

Hello scottp,


Here is the WinPfind3U.exe. log. I assumed since you did not mention it, that the box (non-Microsoft) should remain checked. I ran it the other way too if you need that.


Sorry, no, I didn't want you to change any other settings. I should have mentioned that.

Your log got cut off at the end. It is too big for one reply post. Please split it into separate reply posts until the last line is < End of Report >

Thanks tim s
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by scottp » April 20th, 2007, 3:56 pm

Sorry about that... Here is the remainder of the WinPFins3.txt.



yaddeg.tmp -> %SystemRoot%\yaddeg.tmp -> [Ver = | Size = 1456183 bytes | Modified Date = 3/24/2007 4:55:22 PM | Attr = HS]
yayyyb.ini -> %SystemRoot%\yayyyb.ini -> [Ver = | Size = 994276 bytes | Modified Date = 4/20/2007 12:10:42 AM | Attr = HS]
ybehkj.ini -> %SystemRoot%\ybehkj.ini -> [Ver = | Size = 1456123 bytes | Modified Date = 4/3/2007 12:21:24 PM | Attr = HS]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/19/2007 11:06:16 PM | Attr = H ]
{0EB96059-55E3-4EC6-9CC1-900D733604A5}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{0EB96059-55E3-4EC6-9CC1-900D733604A5}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/19/2007 11:29:56 PM | Attr = H ]
{71E08B6A-2D00-4BD4-9D80-F32633C5D659}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{71E08B6A-2D00-4BD4-9D80-F32633C5D659}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/19/2007 11:29:56 PM | Attr = H ]
{EED74E73-B446-4FD2-AD59-298B384A0F0C}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{EED74E73-B446-4FD2-AD59-298B384A0F0C}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/19/2007 11:29:56 PM | Attr = H ]
{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/19/2007 8:52:36 PM | Attr = H ]
alamapctrl.dll -> %System32%\alamapctrl.dll -> a la mode, inc. [Ver = 1.02.0298 | Size = 2338816 bytes | Modified Date = 2/27/2007 12:48:54 PM | Attr = ]
alarpt5.ocx -> %System32%\alarpt5.ocx -> a la mode, inc. [Ver = 1.00.0980 | Size = 3428352 bytes | Modified Date = 2/26/2007 2:12:16 PM | Attr = ]
bak -> %System32%\bak -> [Folder | Modified Date = 3/18/2007 7:49:34 PM | Attr = ]
bdod.bin -> %System32%\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 3/22/2007 4:20:30 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/19/2007 8:52:18 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/19/2007 10:27:08 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/29/2007 8:03:18 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/10/2007 7:47:06 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/19/2007 11:06:50 PM | Attr = ]
expmpr.dll -> %System32%\expmpr.dll -> [Ver = | Size = 19718 bytes | Modified Date = 3/18/2007 7:59:34 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 291680 bytes | Modified Date = 4/3/2007 4:33:30 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 4/19/2007 11:06:54 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 3/27/2007 1:25:50 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 3/1/2007 11:06:12 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 79392 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 441538 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 529504 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4/14/2007 7:14:14 PM | Attr = ]
sys} -> %System32%\sys} -> [Folder | Modified Date = 2/22/2007 11:35:28 AM | Attr = ]
tmp55.tmp.dll -> %System32%\tmp55.tmp.dll -> [Ver = | Size = 37938 bytes | Modified Date = 4/18/2007 1:04:20 PM | Attr = ]
tmp5E.tmp.dll -> %System32%\tmp5E.tmp.dll -> [Ver = | Size = 37658 bytes | Modified Date = 4/17/2007 1:05:30 AM | Attr = ]
tmp80.tmp.dll -> %System32%\tmp80.tmp.dll -> [Ver = | Size = 37658 bytes | Modified Date = 4/18/2007 1:40:46 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 4/19/2007 11:09:56 PM | Attr = ]
wtusers.dll -> %System32%\wtusers.dll -> a la mode, inc. [Ver = 1.00.0015 | Size = 1527808 bytes | Modified Date = 2/20/2007 9:51:38 AM | Attr = ]
yabbc.exe -> %System32%\yabbc.exe -> [Ver = | Size = 27290 bytes | Modified Date = 3/18/2007 7:59:34 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Modified Date = 4/17/2007 3:31:54 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/22/2007 9:00:46 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 3/22/2007 5:54:32 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/12/2007 10:49:16 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Modified Date = 3/29/2007 8:08:42 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Modified Date = 4/4/2007 1:52:52 AM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 2/23/2007 12:09:54 AM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Modified Date = 2/23/2007 7:13:52 AM | Attr = ]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Modified Date = 4/16/2007 9:00:30 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 436 bytes | Modified Date = 4/19/2007 11:06:54 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %SystemDrive%\AVG7DB_F.DAT -> [Ver = | Size = 38750214 bytes | Modified Date = 9/20/2005 12:14:02 PM | Attr = RHS]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\rc10444.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\byyyay.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/19/2007 8:18:40 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
WSUD , -> %System32%\dwsock6.dll -> Desaware Inc. [Ver = 1.01.0005 | Size = 200704 bytes | Modified Date = 9/9/2002 10:50:44 PM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 702464 bytes | Modified Date = 2/17/2005 7:35:48 AM | Attr = ]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size = 7912 bytes | Modified Date = 5/6/2005 3:55:18 PM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp55.tmp.dll -> [Ver = | Size = 37938 bytes | Modified Date = 4/18/2007 1:04:20 PM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp5E.tmp.dll -> [Ver = | Size = 37658 bytes | Modified Date = 4/17/2007 1:05:30 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp80.tmp.dll -> [Ver = | Size = 37658 bytes | Modified Date = 4/18/2007 1:40:46 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
MZKERNEL32.DLL , -> %System32%\yabbc.exe -> [Ver = | Size = 27290 bytes | Modified Date = 3/18/2007 7:59:34 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Modified Date = 4/17/2007 3:31:54 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Post by tim s » April 20th, 2007, 6:58 pm

Hi scottp,

We are going to begin removal of the infection in steps. This is the first fix I have posted. There will be more that needs removing. Running scans and checking logs takes time.

Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1
Do not run this yet. I will let you know when.
Download CCleaner from here. It will start to download automatically. If asked whether you want to download, let it. Save it to your Desktop.
Note: If you get an Error page from this link, try again. You will see this message: "Your download of CCleaner will automatically start in 5 seconds. Click here if it does not." Do not wait; go ahead and click on it.
  • Double click on the file you downloaded to your desktop to start the installation of the program.
  • Select your language and click OK, then next.
  • Follow the prompts to install, then Finish to complete the installation.
  • Close CCleaner without running it yet!
*NOTE* This tool will clean out cookies (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).

Step #2
Here we are just going to make sure this tool is set up correctly. Do not run a scan yet.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Click on Scanner on the toolbar at top of this screen.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware:
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________


Step #3

Now start WinPFind3U.
Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
(make sure to highlight and copy just what is inside of the quote box, nothing outside of it)


[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> BootService -> %SystemRoot%\byyyay.dll [rundll32.exe "C:\WINDOWS\byyyay.dll",realset]
NY -> SoundService -> %SystemRoot%\hggede.DLL [rundll32.exe "C:\WINDOWS\hggede.dll",setvm]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NY -> expmpr -> %System32%\expmpr.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
NY -> {1557B435-8242-4686-9AA3-9265BF7525A4} [HKLM] -> %System32%\tmp55.tmp.dll [Reg Data - Value does not exist]
NY -> {c157892a-81f5-445c-a5e7-04439e197413} [HKLM] -> %System32%\expmpr.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 60 days]
NY -> byyyay.dll -> %SystemRoot%\byyyay.dll
NY -> edeggh.ini -> %SystemRoot%\edeggh.ini
NY -> gjjilm.ini -> %SystemRoot%\gjjilm.ini
NY -> yayyyb.ini -> %SystemRoot%\yayyyb.ini
NY -> expmpr.dll -> %System32%\expmpr.dll
NY -> tmp55.tmp.dll -> %System32%\tmp55.tmp.dll
NY -> tmp5E.tmp.dll -> %System32%\tmp5E.tmp.dll
NY -> tmp80.tmp.dll -> %System32%\tmp80.tmp.dll
NY -> yabbc.exe -> %System32%\yabbc.exe
[Files/Folders - Modified Within 60 days]
NY -> byyyay.dll -> %SystemRoot%\byyyay.dll
NY -> yayyyb.ini -> %SystemRoot%\yayyyb.ini
NY -> expmpr.dll -> %System32%\expmpr.dll
NY -> tmp55.tmp.dll -> %System32%\tmp55.tmp.dll
NY -> tmp5E.tmp.dll -> %System32%\tmp5E.tmp.dll
NY -> tmp80.tmp.dll -> %System32%\tmp80.tmp.dll
NY -> yabbc.exe -> %System32%\yabbc.exe
[File String Scan - Non-Microsoft Only]
NY -> UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\byyyay.dll
NY -> UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp55.tmp.dll
NY -> UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp5E.tmp.dll
NY -> UpackByDwing , MZKERNEL32.DLL , -> %System32%\tmp80.tmp.dll
NY -> MZKERNEL32.DLL , -> %System32%\yabbc.exe


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Step #4

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.


Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar. A menu should pop up; choose Maximize. The AVG Anti-Spyware screen should then fit the screen a little better.

  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.

Image

IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button.(3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop. I will need you to post this in your next reply.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________


Step #6

Next rerun Winpfind3u.exe and use these settings.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • All boxes unchecked (no checkmarks in any).
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


______________________________

Step #7

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u fix I had you run; it will be inside the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
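
A check a reviewer could script once the new report comes back, shown here as an added example that is not part of the original posts or of WinPFind3U: it collects the file names and CLSIDs named on the fix lines in Step #3 and searches a follow-up report for any that remain. The function names, the line-format handling (inferred only from the lines visible in this thread) and the "leftover" sample line are assumptions made for illustration.

```python
import re

# Subset of the fix lines from the quote box in Step #3 of the post above.
FIX_BLOCK = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> BootService -> %SystemRoot%\byyyay.dll [rundll32.exe "C:\WINDOWS\byyyay.dll",realset]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NY -> expmpr -> %System32%\expmpr.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
NY -> {1557B435-8242-4686-9AA3-9265BF7525A4} [HKLM] -> %System32%\tmp55.tmp.dll [Reg Data - Value does not exist]
NY -> {c157892a-81f5-445c-a5e7-04439e197413} [HKLM] -> %System32%\expmpr.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 60 days]
NY -> yabbc.exe -> %System32%\yabbc.exe
"""

# Excerpt of the follow-up report posted in the next reply (lines copied from it).
FOLLOW_UP_EXCERPT = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/17/2007 3:32:00 AM | Attr = ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
Sebring -> %System32%\LgNotify.dll -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 110592 bytes | Modified Date = 12/16/2003 4:49:34 PM | Attr = ]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 10:12:08 PM | Attr = ]
"""

# CONSTRUCTED sample (not from the thread): how a surviving file would appear.
LEFTOVER_SAMPLE = r"""[Files/Folders - Created Within 60 days]
yabbc.exe -> %System32%\YABBC.EXE -> [Ver = | Size = 0 bytes | Attr = ]
"""

# %Variable%\path up to the first space or bracket (fix-line paths have no spaces).
PATH_RE = re.compile(r"%\w+%\\[^\s\[\]]+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_targets(fix_text):
    """Return the lower-cased file names and CLSIDs named on the fix lines."""
    targets = set()
    for line in fix_text.splitlines():
        line = line.strip()
        if not line.startswith("NY ->"):
            continue  # section headers and registry-key headers name no target
        for path in PATH_RE.findall(line):
            targets.add(path.rsplit("\\", 1)[-1].lower())
        for clsid in CLSID_RE.findall(line):
            targets.add(clsid.lower())
    return targets


def find_leftovers(targets, report_text):
    """Return (section, target, line) for each report line still naming a target.

    Matching is case-insensitive and anchored so that 'expmpr.dll' does not
    match inside a longer name. Limitation: entries the report shows only as
    8.3 short names (as its AppInit_DLLs lines do) will not match a long name.
    """
    patterns = {
        t: re.compile(r"(?<![\w.])" + re.escape(t) + r"(?![\w.])", re.IGNORECASE)
        for t in targets
    }
    section, hits = None, []
    for line in report_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.strip("[]")  # e.g. "Registry - Non-Microsoft Only"
            continue
        for target in sorted(patterns):
            if patterns[target].search(line):
                hits.append((section, target, line))
    return hits


if __name__ == "__main__":
    fix_targets = parse_fix_targets(FIX_BLOCK)
    for label, report in (("follow-up excerpt", FOLLOW_UP_EXCERPT),
                          ("excerpt + constructed leftover",
                           FOLLOW_UP_EXCERPT + LEFTOVER_SAMPLE)):
        found = find_leftovers(fix_targets, report)
        print(f"{label}: {len(found)} leftover(s)")
        for section, target, line in found:
            print(f"  [{section}] {target}: {line}")
```
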

Post by scottp » April 21st, 2007, 9:32 pm

Hi Tim,

As you requested.

Scott

WinPFind3 logfile created on: 4/21/2007 5:47:01 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Scott\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1023.30 Mb Total Physical Memory | 583.05 Mb Available Physical Memory | 56.98% Memory free
1.40 Gb Paging File | 1.03 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): C:\pagefile.sys 500 750;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.35 Gb Free Space | 19.74% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 111.81 Gb Total Space | 46.26 Gb Free Space | 41.37% Space Free

Computer Name: KOBETOSHIBA
Current User Name: Scott
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
1xconfig.exe -> %System32%\1XConfig.exe -> Intel [Ver = 8, 0, 0, 161 | Size = 184320 bytes | Modified Date = 12/16/2003 4:43:06 PM | Attr = ]
acrobat_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 32256 bytes | Modified Date = 9/24/2005 12:05:38 AM | Attr = ]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/17/2007 3:31:58 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/17/2007 3:32:00 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/11/2006 10:03:54 AM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 6:05:54 PM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 5:51:22 PM | Attr = ]
dm1service.exe -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 3/1/2004 2:39:26 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 2:38:26 PM | Attr = ]
googledesktopsetuphelper.exe -> %ProgramFiles%\Google\Google Desktop Search\gcdtmp105\GoogleDesktopSetupHelper.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 4/21/2007 5:42:02 PM | Attr = ]
googlewebaccclient.exe -> %ProgramFiles%\Google\Web Accelerator\googlewebaccclient.exe -> [Ver = | Size = 1679360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
googlewebaccwarden.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 655360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4634 | Size = 77824 bytes | Modified Date = 12/10/2003 7:50:00 AM | Attr = ]
nxdlghlp.exe -> %ProgramFiles%\Novatix\ExplorerPlus\Nxdlghlp.exe -> Novatix Corporation [Ver = 6.0.0.1 | Size = 65536 bytes | Modified Date = 10/14/2003 8:15:46 AM | Attr = ]
nxexplo.exe -> %ProgramFiles%\Novatix\ExplorerPlus\NxExplo.exe -> [Ver = | Size = 1130496 bytes | Modified Date = 4/23/2004 5:20:00 AM | Attr = ]
nxexplo.exe -> %ProgramFiles%\Novatix\ExplorerPlus\NxExplo.exe -> [Ver = | Size = 1130496 bytes | Modified Date = 4/23/2004 5:20:00 AM | Attr = ]
nxexplo.exe -> %ProgramFiles%\Novatix\ExplorerPlus\NxExplo.exe -> [Ver = | Size = 1130496 bytes | Modified Date = 4/23/2004 5:20:00 AM | Attr = ]
qbupdate.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 17.0 R6 | Size = 972320 bytes | Modified Date = 3/1/2007 4:55:18 AM | Attr = ]
regsrvc.exe -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 4:41:40 PM | Attr = ]
robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-1 | Size = 160832 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
s24evmon.exe -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 4:42:32 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ]
snagit32.exe -> %ProgramFiles%\TechSmith\SnagIt 7\SnagIt32.exe -> TechSmith Corporation [Ver = 7.2.5.0 | Size = 3719168 bytes | Modified Date = 10/14/2005 8:25:00 AM | Attr = ]
swupdtmr.exe -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 10/21/2003 12:26:14 PM | Attr = ]
tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 18 | Size = 77824 bytes | Modified Date = 9/18/2003 11:32:32 PM | Attr = ]
tmesbs32.exe -> %ProgramFiles%\Toshiba\TME3\tmesbs32.exe -> TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Modified Date = 8/1/2003 3:56:02 PM | Attr = ]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Modified Date = 12/9/2003 9:50:54 PM | Attr = ]
tschelp.exe -> %ProgramFiles%\TechSmith\SnagIt 7\TSCHelp.exe -> TechSmith Corporation [Ver = 1.0.0 | Size = 26112 bytes | Modified Date = 1/7/2005 5:23:06 PM | Attr = ]
ultramon.exe -> %ProgramFiles%\UltraMon\UltraMon.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 304640 bytes | Modified Date = 9/27/2006 10:38:52 PM | Attr = ]
ultramontaskbar.exe -> %ProgramFiles%\UltraMon\UltraMonTaskbar.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 258048 bytes | Modified Date = 9/27/2006 10:39:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
zcfgsvc.exe -> %System32%\ZCfgSvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 376832 bytes | Modified Date = 12/16/2003 4:47:42 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 5/30/2005 12:40:36 AM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 12:16:02 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/17/2007 3:31:58 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/11/2006 10:03:54 AM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 12/2/2003 6:05:54 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 7/26/2005 5:51:22 PM | Attr = ]
(DM1Service) DM1Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 3/1/2004 2:39:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 2:38:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 2:48:24 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4634 | Size = 77824 bytes | Modified Date = 12/10/2003 7:50:00 AM | Attr = ]
(QBCFMonitorService) QBCFMonitorService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 1.0.2616.5547 | Size = 20480 bytes | Modified Date = 3/1/2007 4:04:58 AM | Attr = ]
(QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> Intuit Inc. [Ver = 1.1.0.5 | Size = 65536 bytes | Modified Date = 11/9/2006 4:30:14 PM | Attr = ]
(QuickBooksDB17) QuickBooksDB17 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intuit\QuickBooks 2005\QBDBMgrN.exe -> iAnywhere Solutions, Inc. [Ver = 9.0.2.3267 | Size = 128536 bytes | Modified Date = 9/13/2006 11:32:12 AM | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Modified Date = 12/16/2003 4:41:40 PM | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Modified Date = 12/16/2003 4:42:32 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.19 | Size = 707664 bytes | Modified Date = 4/11/2007 9:36:42 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.56 | Size = 1301584 bytes | Modified Date = 4/11/2007 9:36:48 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 5:50:10 PM | Attr = ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 10/21/2003 12:26:14 PM | Attr = ]
(Tmesbs) Tmesbs32 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\tmesbs32.exe -> TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Modified Date = 8/1/2003 3:56:02 PM | Attr = ]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Modified Date = 12/9/2003 9:50:54 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:27:44 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/17/2007 3:32:00 AM | Attr = ]
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 7/26/2005 5:52:24 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.13372 | Size = 1862144 bytes | Modified Date = 3/22/2007 5:38:26 PM | Attr = ]
QuickBooksDB17 -> C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "%LocalAppData%\Intuit\QuickBooks\Log\DBStartup.log -> File not found
The Assistant -> %ProgramFiles%\a la mode\Sched\eSched.exe -> File not found
UltraMon -> %ProgramFiles%\UltraMon\UltraMon.exe -> Realtime Soft [Ver = 2.7.0.0 | Size = 304640 bytes | Modified Date = 9/27/2006 10:38:52 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-1 | Size = 160832 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.7 | Size = 307200 bytes | Modified Date = 8/18/2005 12:49:06 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 11/5/2005 8:15:14 PM | Attr = R ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 17.0 R6 | Size = 972320 bytes | Modified Date = 3/1/2007 4:55:18 AM | Attr = ]
%AllUsersStartup%\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe -> [Ver = | Size = 655360 bytes | Modified Date = 3/29/2007 9:34:06 PM | Attr = ]
%AllUsersStartup%\SnagIt 7.lnk -> %ProgramFiles%\TechSmith\SnagIt 7\SnagIt32.exe -> TechSmith Corporation [Ver = 7.2.5.0 | Size = 3719168 bytes | Modified Date = 10/14/2005 8:25:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Scott\Start Menu\Programs\Startup
%UserStartup%\dialog tracker.lnk -> %ProgramFiles%\Novatix\ExplorerPlus\Nxdlghlp.exe -> Novatix Corporation [Ver = 6.0.0.1 | Size = 65536 bytes | Modified Date = 10/14/2003 8:15:46 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.703.13372 | Size = 143360 bytes | Modified Date = 3/22/2007 5:38:34 PM | Attr = ]
C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL -> %ProgramFiles%\Google\Web Accelerator\fastsearch.dll -> Google Inc. [Ver = 1, 0, 0, 29 | Size = 364544 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
Sebring -> %System32%\LgNotify.dll -> Intel Corporation [Ver = 8, 0, 0, 161 | Size = 110592 bytes | Modified Date = 12/16/2003 4:49:34 PM | Attr = ]
< HOSTS File > (51072 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.toshiba.com ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Search Bar -> http://www.google.com/ie ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://google.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
//wellsfargo.exactbid.com [htttps] -> ->
vault_alamode.com [http] -> ->
cbt_ebanking-services.com [https] -> ->
webclient_myblackberry.us [https] -> ->
www_socalappraisal.net [http] -> ->
wwwalamode.com [*] -> ->
www_xsitesnetwork.com [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 10:12:08 PM | Attr = ]
{11359F4A-B191-42d7-905A-594F8CF0387B} [HKLM] -> %SystemRoot%\Downloaded Program Files\CONFLICT.1\lexbar.dll [Dictionary.com] -> [Ver = | Size = 270336 bytes | Modified Date = 2/6/2003 8:16:34 AM | Attr = ]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 4:25:44 AM | Attr = ]
{7c1ce531-09e9-4fc5-9803-1c2956615786} [HKLM] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIE.dll [IeCaptureBho Object] -> Google [Ver = 5.1.703.13372 | Size = 108032 bytes | Modified Date = 3/22/2007 5:38:28 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{11359F4A-B191-42D7-905A-594F8CF0387B} [HKLM] -> %SystemRoot%\Downloaded Program Files\CONFLICT.1\lexbar.dll [Dictionary.com] -> [Ver = | Size = 270336 bytes | Modified Date = 2/6/2003 8:16:34 AM | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
{724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 10:41:42 PM | Attr = ]
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-1 | Size = 5526584 bytes | Modified Date = 3/23/2007 11:37:06 PM | Attr = ]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [Ver = | Size = 237568 bytes | Modified Date = 3/16/2007 2:43:56 PM | Attr = ]
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKLM] -> [&Links] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM [ButtonText: ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> Reg Data - Key not found [MenuText: ieSpell Options] -> File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [ButtonText: Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [ButtonText: Save] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F4C} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComOptions.htm [ButtonText: Options] -> File not found
{45DB34C3-955C-11D3-ABEF-444553540001} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComEditPass.htm [ButtonText: Passcards] -> File not found
{53A008B9-E8B5-4d83-87D9-D444C3F496CF} -> Reg Data - Value does not exist [ButtonText: XWins] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [ButtonText: RoboForm] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{EA858A55-5185-4079-8721-507905E37CD4} -> Reg Data - Value does not exist [ButtonText: IEHelp] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&ieSpell Options -> %ProgramFiles%\ieSpell\iespell.dll\SPELLOPTION.HTM -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Customize Menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Fill Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found
Open PDF in Word (PDF Converter 2.0) -> %ProgramFiles%\ScanSoft\PDF Converter 2.0\IEShellExt.dll -> ScanSoft, Inc. [Ver = 2.0.2004.4294 | Size = 40960 bytes | Modified Date = 4/29/2004 9:58:50 AM | Attr = ]
RoboForm Toolbar -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found
Save Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found
Search &Dictionary -> %ProgramFiles%\Lexico\Toolbar\dictionary.htm -> [Ver = | Size = 1103 bytes | Modified Date = 1/11/2003 10:23:38 AM | Attr = ]
Search &Thesaurus -> %ProgramFiles%\Lexico\Toolbar\thesaurus.htm -> [Ver = | Size = 1104 bytes | Modified Date = 1/11/2003 10:24:04 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
image_azv -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{00971FC6-A25C-4D74-9C1E-9F1008A319BD} -> 10.10.10.200,65.106.1.196,65.106.7.196 (Intel(R) PRO/1000 MT Mobile Connection) ->
{05A2D896-57D4-4E95-8451-28A02EC3C2C2} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{08C74418-A496-4E76-8E1E-D061794E858D} -> (Intel(R) PRO/Wireless 2100 LAN 3B Mini PCI Adapter) ->
{7E0A5240-3ECB-455E-9344-822244FA20AA} -> () ->
{F8CAAA42-DB74-4EA9-B5C1-362F6A855FA9} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000038 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 85, 0 | Size = 149072 bytes | Modified Date = 3/22/2007 11:19:50 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000039 -> %ProgramFiles%\Spyware Doctor\FilterLSP.dll -> [Ver = 1, 0, 2, 0 | Size = 108112 bytes | Modified Date = 3/6/2007 3:57:36 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
x-excid -> %SystemRoot%\Downloaded Program Files\mimectl.dll -> [Ver = | Size = 370688 bytes | Modified Date = 4/2/2004 1:05:30 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01113300-3E00-11D2-8470-0060089874ED} -> Support.com Configuration Class - CodeBase = http://activation.rr.com/install/downloads/tgctlcm.cab ->
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} -> SentinelVE3D Class - CodeBase = http://download.microsoft.com/download/ ... arth3D.cab ->
{106E49CF-797A-11D2-81A2-00E02C015623} -> AlternaTIFF ActiveX - CodeBase = http://www.alternatiff.com/install/00/alttiff.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835 ->
{1842B0EE-B597-11D4-8997-00104BD12D94} -> iCC Class - CodeBase = http://www.pcpitstop.com/internet/pcpConnCheck.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab ->
{31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} -> alaImportExport.ImportExport - CodeBase = http://wbsvc.alamode.com/ImportExport/ImportExport.CAB ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... /opuc3.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.av.aol.com/molbin/share ... insctl.cab ->
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} -> Remote Access ActiveX Client - CodeBase = https://secure.logmein.com/activex/RACtrl.cab ->
{626FE447-E830-4F76-A024-41A20EEECF1A} -> RyzeAddrCtrl Class - CodeBase = http://www.ryze.com/RyzeAddr.CAB ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 3447951145 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{999D162F-1319-48F0-A7DB-886C582EE2C6} -> - CodeBase = file://Z:\CONTENT\cabs\alaWeb.CAB ->
{A7DB6550-3269-11D4-8C30-0001023CA9DC} -> Vault Files Downloader - CodeBase = https://vault.alamode.com/cab/vfd.cab ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{AED6797A-D608-11D4-89D2-00105AA3C57F} -> alaGrid.TechDocSearch - CodeBase = file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB ->
{B9D71543-E32B-4EAD-83C1-5B4001B0CE80} -> - CodeBase = file://Z:\CONTENT\cabs\alaWeb.CAB ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase = http://download.av.aol.com/molbin/share ... cgdmgr.cab ->
{C38F2056-BBEE-4FFA-BD07-588081487B32} -> alaImportExport.ImportExport - CodeBase = http://wbsvc.alamode.com/ImportExport/ImportExport.CAB ->
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_04 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CD27EEF6-55B8-4F24-99C5-E1191D814445} -> alaWeb5.cUtil - CodeBase = file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{DDC55619-838F-4CA8-85E8-56EB8E0846FA} -> CCRUMIEConnector Class - CodeBase = http://boltpeters.com/ethnio/EthnioParticipant.CAB ->
{E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} -> - CodeBase = http://vault.alamode.com/cab/vaultinstall.cab ->
{F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} -> - CodeBase = http://dictionary.reference.com/tools/t ... lexico.cab ->


[Files/Folders - Created Within 60 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073074176 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
lakeforest.office.pdf -> %SystemDrive%\lakeforest.office.pdf -> [Ver = | Size = 220542 bytes | Created Date = 4/20/2007 4:24:51 PM | Attr = ]
lakeforest.pdf -> %SystemDrive%\lakeforest.pdf -> [Ver = | Size = 1161272 bytes | Created Date = 4/20/2007 4:36:31 PM | Attr = ]
office.trends.2.pdf -> %SystemDrive%\office.trends.2.pdf -> [Ver = | Size = 208972 bytes | Created Date = 4/20/2007 4:46:21 PM | Attr = ]
recentofficetrends.pdf -> %SystemDrive%\recentofficetrends.pdf -> [Ver = | Size = 196238 bytes | Created Date = 4/20/2007 4:52:41 PM | Attr = ]
trends.office.pdf -> %SystemDrive%\trends.office.pdf -> [Ver = | Size = 91438 bytes | Created Date = 4/20/2007 4:43:24 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 53865 bytes | Created Date = 4/19/2007 3:30:11 PM | Attr = ]
viamartens.pdf -> %SystemDrive%\viamartens.pdf -> [Ver = | Size = 1937820 bytes | Created Date = 4/20/2007 4:05:45 PM | Attr = ]
viamartens.trends.pdf -> %SystemDrive%\viamartens.trends.pdf -> [Ver = | Size = 444051 bytes | Created Date = 4/20/2007 4:16:01 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/18/2007 7:32:48 PM | Attr = ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 3/12/2007 4:44:36 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 3/12/2007 4:54:40 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 3/12/2007 4:50:40 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/3/2007 3:05:29 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 3/12/2007 4:44:59 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 3/12/2007 4:55:50 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 3/12/2007 4:55:31 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 3/12/2007 4:43:20 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 3/12/2007 4:55:04 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 3/12/2007 4:42:53 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/19/2007 6:30:36 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 4/10/2007 5:30:36 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 4/10/2007 5:31:03 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 4/10/2007 5:32:06 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 3/12/2007 4:50:07 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 4/10/2007 5:29:55 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 4/7/2007 1:49:36 PM | Attr = H ]
adfhii.ini -> %SystemRoot%\adfhii.ini -> [Ver = | Size = 1206396 bytes | Created Date = 4/15/2007 2:28:55 PM | Attr = HS]
alaredun.ini -> %SystemRoot%\alaredun.ini -> [Ver = | Size = 34668 bytes | Created Date = 3/30/2007 4:25:11 PM | Attr = ]
cdgffe.ini -> %SystemRoot%\cdgffe.ini -> [Ver = | Size = 1110552 bytes | Created Date = 4/15/2007 9:11:43 PM | Attr = HS]
dccbay.ini -> %SystemRoot%\dccbay.ini -> [Ver = | Size = 1095814 bytes | Created Date = 4/16/2007 7:34:10 PM | Attr = HS]
dghgjl.ini -> %SystemRoot%\dghgjl.ini -> [Ver = | Size = 1456759 bytes | Created Date = 4/9/2007 7:57:03 PM | Attr = HS]
ilooqr.ini -> %SystemRoot%\ilooqr.ini -> [Ver = | Size = 1206804 bytes | Created Date = 4/15/2007 5:11:45 PM | Attr = HS]
lllopo.ini -> %SystemRoot%\lllopo.ini -> [Ver = | Size = 993919 bytes | Created Date = 4/17/2007 11:49:49 PM | Attr = HS]
moqrqr.ini -> %SystemRoot%\moqrqr.ini -> [Ver = | Size = 1456243 bytes | Created Date = 4/1/2007 11:42:16 PM | Attr = HS]
nprtut.ini -> %SystemRoot%\nprtut.ini -> [Ver = | Size = 1456261 bytes | Created Date = 4/1/2007 2:11:57 PM | Attr = HS]
PestPatrol5.INI -> %SystemRoot%\PestPatrol5.INI -> [Ver = | Size = 0 bytes | Created Date = 4/13/2007 7:33:36 PM | Attr = ]
pqstwa.ini -> %SystemRoot%\pqstwa.ini -> [Ver = | Size = 1206471 bytes | Created Date = 4/13/2007 2:18:16 PM | Attr = HS]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/15/2007 5:35:14 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/15/2007 5:35:14 PM | Attr = H ]
ruuwwa.ini -> %SystemRoot%\ruuwwa.ini -> [Ver = | Size = 1456123 bytes | Created Date = 4/6/2007 9:13:50 AM | Attr = HS]
suxyxx.ini -> %SystemRoot%\suxyxx.ini -> [Ver = | Size = 355 bytes | Created Date = 3/29/2007 12:24:27 PM | Attr = HS]
uwxbay.ini -> %SystemRoot%\uwxbay.ini -> [Ver = | Size = 1456306 bytes | Created Date = 4/6/2007 11:31:58 PM | Attr = HS]
wabddd.ini -> %SystemRoot%\wabddd.ini -> [Ver = | Size = 1205976 bytes | Created Date = 4/10/2007 9:36:34 PM | Attr = HS]
xaybcf.ini -> %SystemRoot%\xaybcf.ini -> [Ver = | Size = 1456606 bytes | Created Date = 3/25/2007 11:15:28 PM | Attr = HS]
yaddeg.tmp -> %SystemRoot%\yaddeg.tmp -> [Ver = | Size = 1456183 bytes | Created Date = 3/24/2007 3:55:20 PM | Attr = HS]
ybehkj.ini -> %SystemRoot%\ybehkj.ini -> [Ver = | Size = 1456123 bytes | Created Date = 4/3/2007 10:42:43 AM | Attr = HS]
bak -> %System32%\bak -> [Folder | Created Date = 3/18/2007 6:49:33 PM | Attr = ]
sys} -> %System32%\sys} -> [Folder | Created Date = 2/22/2007 10:35:27 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/21/2007 2:03:38 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 3/22/2007 4:54:31 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Created Date = 3/22/2007 3:31:10 PM | Attr = ]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Created Date = 4/16/2007 8:00:04 AM | Attr = ]

[Files/Folders - Modified Within 60 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/20/2007 6:17:24 AM | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/19/2007 12:20:28 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073074176 bytes | Modified Date = 4/21/2007 5:41:28 PM | Attr = HS]
Inetpub -> %SystemDrive%\Inetpub -> [Folder | Modified Date = 3/27/2007 1:25:56 AM | Attr = ]
lakeforest.office.pdf -> %SystemDrive%\lakeforest.office.pdf -> [Ver = | Size = 220542 bytes | Modified Date = 4/20/2007 5:25:12 PM | Attr = ]
lakeforest.pdf -> %SystemDrive%\lakeforest.pdf -> [Ver = | Size = 1161272 bytes | Modified Date = 4/20/2007 5:38:08 PM | Attr = ]
office.trends.2.pdf -> %SystemDrive%\office.trends.2.pdf -> [Ver = | Size = 208972 bytes | Modified Date = 4/20/2007 5:46:34 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/21/2007 2:02:34 AM | Attr = ]
recentofficetrends.pdf -> %SystemDrive%\recentofficetrends.pdf -> [Ver = | Size = 196238 bytes | Modified Date = 4/20/2007 5:52:52 PM | Attr = ]
trends.office.pdf -> %SystemDrive%\trends.office.pdf -> [Ver = | Size = 91438 bytes | Modified Date = 4/20/2007 5:43:30 PM | Attr = ]
unzipped -> %SystemDrive%\unzipped -> [Folder | Modified Date = 3/23/2007 11:57:50 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 53865 bytes | Modified Date = 4/20/2007 11:33:54 PM | Attr = ]
viamartens.pdf -> %SystemDrive%\viamartens.pdf -> [Ver = | Size = 1937820 bytes | Modified Date = 4/20/2007 5:08:26 PM | Attr = ]
viamartens.trends.pdf -> %SystemDrive%\viamartens.trends.pdf -> [Ver = | Size = 444051 bytes | Modified Date = 4/20/2007 5:16:22 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/18/2007 9:24:24 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/21/2007 1:49:28 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/10/2007 2:21:10 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 3/12/2007 5:44:38 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Modified Date = 3/12/2007 5:54:42 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 3/12/2007 5:50:42 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/3/2007 4:05:32 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 3/12/2007 5:45:02 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 3/12/2007 5:55:52 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 3/12/2007 5:55:34 PM | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 3/12/2007 5:43:24 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 3/12/2007 5:55:06 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 3/12/2007 5:42:56 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/19/2007 7:30:38 AM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 4/10/2007 6:30:38 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 4/10/2007 6:31:08 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 4/10/2007 6:32:08 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 3/12/2007 5:50:08 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 4/10/2007 6:29:58 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 4/7/2007 2:49:38 PM | Attr = H ]
adfhii.ini -> %SystemRoot%\adfhii.ini -> [Ver = | Size = 1206396 bytes | Modified Date = 4/15/2007 3:29:04 PM | Attr = HS]
alamode.ini -> %SystemRoot%\alamode.ini -> [Ver = | Size = 4617 bytes | Modified Date = 3/30/2007 5:26:26 PM | Attr = ]
alaredun.ini -> %SystemRoot%\alaredun.ini -> [Ver = | Size = 34668 bytes | Modified Date = 3/30/2007 5:25:12 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/7/2007 4:23:58 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/21/2007 5:41:32 PM | Attr = S]
cdgffe.ini -> %SystemRoot%\cdgffe.ini -> [Ver = | Size = 1110552 bytes | Modified Date = 4/16/2007 8:29:26 PM | Attr = HS]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 4/21/2007 1:51:56 PM | Attr = HS]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 3/27/2007 1:25:28 AM | Attr = ]
dccbay.ini -> %SystemRoot%\dccbay.ini -> [Ver = | Size = 1095814 bytes | Modified Date = 4/18/2007 12:36:06 AM | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/21/2007 3:06:48 AM | Attr = ]
dghgjl.ini -> %SystemRoot%\dghgjl.ini -> [Ver = | Size = 1456759 bytes | Modified Date = 4/10/2007 8:47:20 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/16/2007 3:04:34 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/17/2007 1:22:58 AM | Attr = ]
ilooqr.ini -> %SystemRoot%\ilooqr.ini -> [Ver = | Size = 1206804 bytes | Modified Date = 4/15/2007 9:59:16 PM | Attr = HS]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/14/2007 7:41:12 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/16/2007 8:57:32 AM | Attr = HS]
lllopo.ini -> %SystemRoot%\lllopo.ini -> [Ver = | Size = 993919 bytes | Modified Date = 4/19/2007 8:15:20 PM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Modified Date = 2/27/2007 9:39:34 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/13/2007 2:39:26 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/21/2007 3:06:44 AM | Attr = ]
moqrqr.ini -> %SystemRoot%\moqrqr.ini -> [Ver = | Size = 1456243 bytes | Modified Date = 4/2/2007 1:25:22 PM | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/10/2007 7:47:06 PM | Attr = ]
nprtut.ini -> %SystemRoot%\nprtut.ini -> [Ver = | Size = 1456261 bytes | Modified Date = 4/1/2007 8:00:10 PM | Attr = HS]
Options -> %SystemRoot%\Options -> [Folder | Modified Date = 4/15/2007 8:37:58 PM | Attr = ]
PestPatrol5.INI -> %SystemRoot%\PestPatrol5.INI -> [Ver = | Size = 0 bytes | Modified Date = 4/13/2007 8:33:38 PM | Attr = ]
pqstwa.ini -> %SystemRoot%\pqstwa.ini -> [Ver = | Size = 1206471 bytes | Modified Date = 4/15/2007 12:04:00 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/21/2007 2:01:48 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/2/2007 1:37:08 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4/15/2007 6:35:16 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/20/2007 11:15:10 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/19/2007 2:03:38 AM | Attr = ]
ruuwwa.ini -> %SystemRoot%\ruuwwa.ini -> [Ver = | Size = 1456123 bytes | Modified Date = 4/7/2007 12:05:06 AM | Attr = HS]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/21/2007 2:58:16 AM | Attr = ]
suxyxx.ini -> %SystemRoot%\suxyxx.ini -> [Ver = | Size = 355 bytes | Modified Date = 3/29/2007 2:56:40 PM | Attr = HS]
swupdate.INI -> %SystemRoot%\swupdate.INI -> [Ver = | Size = 67 bytes | Modified Date = 2/27/2007 9:39:30 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/22/2007 5:53:24 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 4/19/2007 12:20:28 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/21/2007 2:55:12 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/22/2007 2:12:40 AM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 4/21/2007 5:42:42 PM | Attr = ]
TUTORI~1.INI -> %SystemRoot%\TUTORI~1.INI -> [Ver = | Size = 56 bytes | Modified Date = 3/1/2007 8:17:18 PM | Attr = ]
uwxbay.ini -> %SystemRoot%\uwxbay.ini -> [Ver = | Size = 1456306 bytes | Modified Date = 4/8/2007 7:32:24 PM | Attr = HS]
wabddd.ini -> %SystemRoot%\wabddd.ini -> [Ver = | Size = 1205976 bytes | Modified Date = 4/13/2007 3:18:16 PM | Attr = HS]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 2046 bytes | Modified Date = 4/20/2007 11:33:54 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/12/2007 5:52:58 PM | Attr = ]
xaybcf.ini -> %SystemRoot%\xaybcf.ini -> [Ver = | Size = 1456606 bytes | Modified Date = 3/28/2007 4:43:28 PM | Attr = HS]
yaddeg.tmp -> %SystemRoot%\yaddeg.tmp -> [Ver = | Size = 1456183 bytes | Modified Date = 3/24/2007 4:55:22 PM | Attr = HS]
ybehkj.ini -> %SystemRoot%\ybehkj.ini -> [Ver = | Size = 1456123 bytes | Modified Date = 4/3/2007 12:21:24 PM | Attr = HS]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/21/2007 5:41:34 PM | Attr = H ]
{0EB96059-55E3-4EC6-9CC1-900D733604A5}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{0EB96059-55E3-4EC6-9CC1-900D733604A5}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/20/2007 4:00:04 PM | Attr = H ]
{71E08B6A-2D00-4BD4-9D80-F32633C5D659}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{71E08B6A-2D00-4BD4-9D80-F32633C5D659}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/20/2007 4:00:04 PM | Attr = H ]
{EED74E73-B446-4FD2-AD59-298B384A0F0C}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{EED74E73-B446-4FD2-AD59-298B384A0F0C}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/20/2007 9:00:02 AM | Attr = H ]
{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KOBETOSHIBA_Scott.job -> %SystemRoot%\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KOBETOSHIBA_Scott.job -> [Ver = | Size = 400 bytes | Modified Date = 4/20/2007 6:39:06 PM | Attr = H ]
alamapctrl.dll -> %System32%\alamapctrl.dll -> a la mode, inc. [Ver = 1.02.0298 | Size = 2338816 bytes | Modified Date = 2/27/2007 12:48:54 PM | Attr = ]
alarpt5.ocx -> %System32%\alarpt5.ocx -> a la mode, inc. [Ver = 1.00.0980 | Size = 3428352 bytes | Modified Date = 2/26/2007 2:12:16 PM | Attr = ]
bak -> %System32%\bak -> [Folder | Modified Date = 3/18/2007 7:49:34 PM | Attr = ]
bdod.bin -> %System32%\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 3/22/2007 4:20:30 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/19/2007 8:52:18 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/20/2007 11:21:08 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/29/2007 8:03:18 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/10/2007 7:47:06 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/21/2007 3:03:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 291680 bytes | Modified Date = 4/3/2007 4:33:30 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 4/21/2007 5:42:42 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 3/27/2007 1:25:50 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 3/1/2007 11:06:12 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 79392 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 441538 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 529504 bytes | Modified Date = 3/27/2007 1:26:06 AM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4/14/2007 7:14:14 PM | Attr = ]
sys} -> %System32%\sys} -> [Folder | Modified Date = 2/22/2007 11:35:28 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 4/21/2007 5:42:40 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Modified Date = 4/17/2007 3:31:54 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/22/2007 9:00:46 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 3/22/2007 5:54:32 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/12/2007 10:49:16 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Modified Date = 3/29/2007 8:08:42 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Modified Date = 4/4/2007 1:52:52 AM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 2/23/2007 12:09:54 AM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Modified Date = 2/23/2007 7:13:52 AM | Attr = ]
MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Modified Date = 4/16/2007 9:00:30 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 438 bytes | Modified Date = 4/21/2007 5:42:40 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , -> %SystemDrive%\AVG7DB_F.DAT -> [Ver = | Size = 38750214 bytes | Modified Date = 9/20/2005 12:14:02 PM | Attr = RHS]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\rc10444.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
WSUD , -> %System32%\dwsock6.dll -> Desaware Inc. [Ver = 1.01.0005 | Size = 200704 bytes | Modified Date = 9/9/2002 10:50:44 PM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 702464 bytes | Modified Date = 2/17/2005 7:35:48 AM | Attr = ]
Thawte Consulting , -> %System32%\ractrlkeyhook.dll -> [Ver = | Size = 7912 bytes | Modified Date = 5/6/2005 3:55:18 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.461 | Size = 778432 bytes | Modified Date = 4/17/2007 3:31:54 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:37:50 PM 4/21/2007

+ Scan result:



C:\WINDOWS\system\mirc.ini -> Backdoor.Zapchast : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.12:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.13:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.15:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.16:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\default.t1p\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Scott\Desktop\WinPFind3u\MovedFiles\WINDOWS\byyyay.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\Documents and Settings\Scott\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\tmp5E.tmp.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Scott\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\tmp80.tmp.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).


::Report end



[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BootService not found.
File C:\WINDOWS\byyyay.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoundService not found.
File C:\WINDOWS\hggede.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\expmpr not found.
File C:\WINDOWS\SYSTEM32\expmpr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557B435-8242-4686-9AA3-9265BF7525A4} not found.
File C:\WINDOWS\SYSTEM32\tmp55.tmp.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c157892a-81f5-445c-a5e7-04439e197413} not found.
File C:\WINDOWS\SYSTEM32\expmpr.dll not found.
[Files/Folders - Created Within 60 days]
File C:\WINDOWS\byyyay.dll not found!
File C:\WINDOWS\edeggh.ini not found!
File C:\WINDOWS\gjjilm.ini not found!
File C:\WINDOWS\yayyyb.ini not found!
File C:\WINDOWS\SYSTEM32\expmpr.dll not found!
File C:\WINDOWS\SYSTEM32\tmp55.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp5E.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp80.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\yabbc.exe not found!
[Files/Folders - Modified Within 60 days]
File C:\WINDOWS\byyyay.dll not found!
File C:\WINDOWS\yayyyb.
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Unread postby scottp » April 21st, 2007, 9:38 pm

Continued


[Files/Folders - Modified Within 60 days]
File C:\WINDOWS\byyyay.dll not found!
File C:\WINDOWS\yayyyb.ini not found!
File C:\WINDOWS\SYSTEM32\expmpr.dll not found!
File C:\WINDOWS\SYSTEM32\tmp55.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp5E.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp80.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\yabbc.exe not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\byyyay.dll not found!
File C:\WINDOWS\SYSTEM32\tmp55.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp5E.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\tmp80.tmp.dll not found!
File C:\WINDOWS\SYSTEM32\yabbc.exe not found!
< End of log >
Created on 04/21/2007 15:23:44
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Unread postby tim s » April 21st, 2007, 10:28 pm

Hello scottp,


Thanks for posting logs.

I will need you to run this next.

Go to Try F-Secure BlackLight
  • Click on I Accept button.
  • Choose Download Blacklight Beta graphical user interface version to download Blacklight to your Desktop
  • Double-click fsbl.exe then accept the agreement
  • Click Scan. Let F-Secure BlackLight scan system.
  • When done, you'll see a list of all items found, or it will say (No hidden items found).
  • Close the program. Do not click Next; we do not want step 2 to run yet! I need to see the scan results first.
  • There will also be a log on your desktop with the name fsbl.xxxxxxxxxxxxxx.log (the xxxxxxxxxxxxxx stand for numbers).
  • Copy and Paste this log in your next reply.


Please post these in your next reply:
f-secure fsbl.xxxxxxxxxxxxxx.log
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby scottp » April 22nd, 2007, 6:24 pm

04/22/07 02:09:12 [Info]: BlackLight Engine 1.0.61 initialized
04/22/07 02:09:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/22/07 02:09:12 [Note]: 7019 4
04/22/07 02:09:12 [Note]: 7005 0
04/22/07 02:09:16 [Note]: 7006 0
04/22/07 02:09:16 [Note]: 7011 3524
04/22/07 02:09:17 [Note]: 7026 0
04/22/07 02:09:17 [Note]: 7026 0
04/22/07 02:09:20 [Note]: FSRAW library version 1.7.1021
04/22/07 13:16:51 [Note]: 7007 0



Logfile of HijackThis v1.99.1
Scan saved at 9:49:36 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp55.tmp.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c157892a-81f5-445c-a5e7-04439e197413} - C:\WINDOWS\system32\expmpr.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "C:\Documents and Settings\Scott\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log" -y
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\opolll.dll",realset
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: dialog tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: XWins - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IECloseWindows - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: IEHelp - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IEHelper - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://vault.alamode.com
O15 - Trusted Zone: http://www.socalappraisal.net
O15 - Trusted Zone: *.wwwalamode.com
O15 - Trusted Zone: http://www.xsitesnetwork.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3447951145
O16 - DPF: {999D162F-1319-48F0-A7DB-886C582EE2C6} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B9D71543-E32B-4EAD-83C1-5B4001B0CE80} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C38F2056-BBEE-4FFA-BD07-588081487B32} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB
O16 - DPF: {DDC55619-838F-4CA8-85E8-56EB8E0846FA} (CCRUMIEConnector Class) - http://boltpeters.com/ethnio/EthnioParticipant.CAB
O16 - DPF: {E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} - http://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\Software\..\Telephony: DomainName = pettifer
O17 - HKLM\System\CCS\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS1\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS2\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: expmpr - C:\WINDOWS\SYSTEM32\expmpr.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE" -i ALAMODE (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
scottp
Active Member
 
Posts: 13
Joined: April 15th, 2007, 2:32 pm
Location: Santa Ana, CA

Unread postby tim s » April 22nd, 2007, 8:22 pm

Hello scottp,

Thanks for posting the log. The Blacklight scan came back fine; that is what I needed to know. I will need you to delete these tools:
Vundofix.exe
Winpfind folder
fsbl.exe
(F-Secure BlackLight)

I still see more in your log. We are going to use a different tool for this.

---------------------------------------------------------------

I am posting this just to double-check that it is still disabled, as it will interfere. If it is already disabled, skip to the next step.

Please disable programs that can interfere with fix:
Disable SpywareDoctor's realtime protection.

  • Open Spyware Doctor
  • Click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • Exit the program.

---------------------------------------------------------------

Next do the following:
1. Download this file - combofix
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a new HJT log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


I will need to review these logs when you post them
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby scottp » April 23rd, 2007, 12:18 am

"Scott" - 07-04-22 21:04:07 Service Pack 2
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\Scott\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\install.log
C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NwSapAgent
-------\LEGACY_NWSAPAGENT


((((((((((((((((((((((((((((((( Files Created from 2007-03-22 to 2007-04-22 ))))))))))))))))))))))))))))))))))


2007-04-21 19:03 <DIR> d-------- C:\Program Files\Fanix
2007-04-21 19:03 <DIR> d-------- C:\DOCUME~1\Scott\APPLIC~1\Fanix
2007-04-21 15:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 02:02 <DIR> d-------- C:\Program Files\CCleaner
2007-04-18 20:32 <DIR> d-------- C:\VundoFix Backups
2007-04-16 09:00 28,256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-04-07 14:49 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-03-29 19:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-03-27 01:25 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-27 01:25 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-27 01:25 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-27 01:25 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-25 20:32 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint 5.4
2007-03-22 16:31 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-03-22 16:31 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-03-22 16:31 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-03-22 16:31 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-03-22 16:31 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-03-22 16:31 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-22 16:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-22 16:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-22 16:31 <DIR> d-------- C:\DOCUME~1\Scott\APPLIC~1\PC Tools
2007-03-22 16:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-03-22 16:30 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-22 01:43 15620 --a------ C:\DOCUME~1\Scott\APPLIC~1\.googlewebacchosts
2007-04-21 18:19 -------- d-------- C:\Program Files\microsoft activesync
2007-04-15 20:34 -------- d-------- C:\Program Files\Common Files\real
2007-04-15 11:04 -------- d-------- C:\Program Files\medic
2007-03-24 18:34 -------- d-------- C:\Program Files\google
2007-03-23 23:50 -------- d-------- C:\Program Files\mapwindow
2007-03-22 16:25 -------- d-------- C:\Program Files\ultramon
2007-03-22 16:20 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-03-22 13:54 -------- d-------- C:\Program Files\microsoft intellipoint
2007-03-21 23:06 -------- d-------- C:\Program Files\quicktime
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-10 00:09 -------- d-------- C:\DOCUME~1\Scott\APPLIC~1\viewpoint
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 20:11 -------- d-------- C:\Program Files\knowbrainer
2007-02-27 12:48 2338816 --a------ C:\WINDOWS\system32\alamapctrl.dll
2007-02-20 09:51 1527808 --a------ C:\WINDOWS\system32\wtusers.dll
2007-02-16 17:05 454656 --a------ C:\WINDOWS\system32\alaconn5.dll
2007-02-15 15:45 3289088 --a------ C:\WINDOWS\system32\adbilling.dll
2007-02-14 12:45 1253376 --a------ C:\WINDOWS\system32\wtfiles.dll
2007-02-12 19:18 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-02-05 16:02 983040 --a------ C:\WINDOWS\system32\adcontacts.dll
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 16:17 471040 --a------ C:\WINDOWS\system32\aladbimport.dll
2007-02-02 12:44 217088 --a------ C:\WINDOWS\system32\apex2ctl.dll
2007-02-02 12:09 221184 --a------ C:\WINDOWS\system32\apex3ctl.dll
2007-01-29 15:08 3403776 --a------ C:\WINDOWS\system32\filecabinet5.dll
2007-01-29 10:24 1789952 --a------ C:\WINDOWS\system32\alacontacts.dll
2007-01-25 19:23 689664 --a------ C:\WINDOWS\system32\wtapi.exe
2007-01-25 15:08 230912 --a------ C:\WINDOWS\system32\vaultfilesdownloader.exe
2007-01-24 15:33 1658880 --a------ C:\WINDOWS\system32\apexreg.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{11359F4A-B191-42d7-905A-594F8CF0387B} C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
{69A87B7D-DE56-4136-9655-716BA50C19C7} C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{7c1ce531-09e9-4fc5-9803-1c2956615786} C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"UltraMon"="\"C:\\Program Files\\UltraMon\\UltraMon.exe\" /auto"
"QuickBooksDB17"="C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe \"C:\\Documents and Settings\\Scott\\Local Settings\\Application Data\\Intuit\\QuickBooks\\Log\\DBStartup.log\" -y"
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"The Assistant"="C:\\Program Files\\a la mode\\Sched\\eSched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\Corex Product Update]
"Corex Product Update"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HijackThis"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="Guru"
"hkey"="HKCU"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\{0EB96059-55E3-4EC6-9CC1-900D733604A5}_KOBETOSHIBA_Scott.job
C:\WINDOWS\tasks\{71E08B6A-2D00-4BD4-9D80-F32633C5D659}_KOBETOSHIBA_Scott.job
C:\WINDOWS\tasks\{EED74E73-B446-4FD2-AD59-298B384A0F0C}_KOBETOSHIBA_Scott.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KOBETOSHIBA_Scott.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-22 21:06:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-22 21:06:47
C:\ComboFix-quarantined-files.txt ... 07-04-22 21:06



Logfile of HijackThis v1.99.1
Scan saved at 9:12:43 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp108\GoogleDesktopSetupHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Fanix\As-U-Type Trial\AsutypeTrial.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\Program Files\Novatix\ExplorerPlus\NxExplo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -n QB_KOBETOSHIBA_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe "C:\Documents and Settings\Scott\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log" -y
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: dialog tracker.lnk = C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: As-U-Type Trial.lnk = C:\Program Files\Fanix\As-U-Type Trial\AsutypeTrial.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: XWins - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IECloseWindows - {53A008B9-E8B5-4d83-87D9-D444C3F496CF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: IEHelp - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IEHelper - {EA858A55-5185-4079-8721-507905E37CD4} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://vault.alamode.com
O15 - Trusted Zone: http://www.socalappraisal.net
O15 - Trusted Zone: *.wwwalamode.com
O15 - Trusted Zone: http://www.xsitesnetwork.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {31BF1A1B-D895-4CF4-911B-E2C5E7BBECA0} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3447951145
O16 - DPF: {999D162F-1319-48F0-A7DB-886C582EE2C6} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {B9D71543-E32B-4EAD-83C1-5B4001B0CE80} - file://Z:\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C38F2056-BBEE-4FFA-BD07-588081487B32} (alaImportExport.ImportExport) - http://wbsvc.alamode.com/ImportExport/ImportExport.CAB
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} (alaWeb5.cUtil) - file://C:\WIN2000\CONTENT\cabs\alaWeb5.CAB
O16 - DPF: {DDC55619-838F-4CA8-85E8-56EB8E0846FA} (CCRUMIEConnector Class) - http://boltpeters.com/ethnio/EthnioParticipant.CAB
O16 - DPF: {E536CDD9-E068-4DB7-95B0-C68DDE08ED3B} - http://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\Software\..\Telephony: DomainName = pettifer
O17 - HKLM\System\CCS\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS1\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pettifer
O17 - HKLM\System\CS2\Services\Tcpip\..\{00971FC6-A25C-4D74-9C1E-9F1008A319BD}: NameServer = 10.10.10.200,65.106.1.196,65.106.7.196
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE" -i ALAMODE (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
scottp

Post by tim s » April 23rd, 2007, 7:57 pm

Hello scottp,

Good job, your log is looking better now.

I need to know what firewall program you are using. I am not seeing one in your log. The AVG AntiVirus program, if you are using the free one, doesn't come with a firewall. *NOTE* You must not install more than one firewall or antivirus program on your computer. They will conflict with each other, leaving you open to infection.
It is possible that you're using the Windows XP firewall. That is of course better than nothing, but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free for home personal use only) firewalls:

----------------------------------------------------------------

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.


------------------------------------------------------------------

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 6u1
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u 1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start then Control Panel > then Add/Remove Programs and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed to complete uninstall.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

--------------------------------------------------------------------------

Here I will need you to run this online scan to see if there are any leftovers that need to be taken care of.

Please do an online scan with Kaspersky Online Scanner

Notice!
A new version of Kaspersky Virus Scanner has been released on August 8, 2006. If you have installed a previous version, you must uninstall that program first before installing the new version. To uninstall, please go to the computer control panel and select "Add/Remove Programs." Close all Internet Explorer windows before uninstalling the Kaspersky Online Scanner.
*NOTE* You must use Internet Explorer for this scan not Firefox.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As button:
    • Save the file to your desktop.
    • File Type: Text file (*.txt).
    • Name: Kav.txt for example
  • Copy and paste that information in your next post.


------------------------------------------------------------------

Please post in your next reply:
What firewall program you have?
Kaspersky scan report
New HJT log
tim s
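
The reply above singles out the O3 toolbar entry marked "(no file)" for fixing. As an added example (not part of the original posts and not HijackThis's own code), the following script pulls every entry carrying a "(no file)" or "(file missing)" marker out of a HijackThis log and cross-checks its target against the log's own "Running processes" list, since a binary that is running cannot be missing from disk. The function names and verdict labels are assumptions; the sample lines are copied from the 4/22/2007 log in this thread.

```python
import re

# Excerpt of lines taken from the 4/22/2007 HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O23 - Service: MSSQL$ALAMODE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe" -sALAMODE (file missing)
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

# "O3 - ...", "O23 - ...", "R1 - ..." style entry lines.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when it could not find the target file.
MISSING_RE = re.compile(r"\s*\((?P<marker>no file|file missing)\)\s*$")
# First drive-letter path ending in .exe/.dll; stops before a stray quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_running(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:  # the block ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def triage(log):
    """List entries flagged as missing, with a verdict for the reviewer.

    'contradicted'     - the same binary appears under Running processes,
                         so the marker cannot be taken at face value.
    'orphan-candidate' - nothing in the log shows the target exists.
    """
    running = parse_running(log)
    findings = []
    for line in log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        body = entry.group("body")
        miss = MISSING_RE.search(body)
        if not miss:
            continue
        target = PATH_RE.search(body[:miss.start()])
        path = target.group(0) if target else None
        clsid = CLSID_RE.search(body)
        running_now = path is not None and path.lower() in running
        findings.append({
            "section": entry.group("section"),
            "marker": miss.group("marker"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path,
            "verdict": "contradicted" if running_now else "orphan-candidate",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["verdict"], f["clsid"] or f["path"])
```

The verdicts are a reading aid for whoever reviews the log, not a removal decision; only the O3 entry was named for fixing in this thread.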