Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Just a bit paranoid

Post by askey127 » July 1st, 2007, 8:07 am

Let's do one more scan.
------------------------------------------------------
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Copy/Paste the information in your Reply.
If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Post by JustinW » July 1st, 2007, 8:17 am

WinPFind3 logfile created on: 7/1/2007 8:11:20 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Justin W\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

1022.73 Mb Total Physical Memory | 660.39 Mb Available Physical Memory | 64.57% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 30.78 Gb Free Space | 41.31% Space Free
Drive D: | 7.80 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JUSTIN
Current User Name: Justin W
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:36 AM | Attr = R ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1128451242\EE\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr = ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1128451242\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/23/2006 3:04:42 PM | Attr = ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ]
dtsrvc.exe -> %ProgramFiles%\Portrait Displays\forteManager\dtsrvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 10/4/2004 5:18:30 PM | Attr = ]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
floater.exe -> %ProgramFiles%\WinPortrait\floater.exe -> [Ver = | Size = 747256 bytes | Modified Date = 10/4/2004 5:00:00 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 6/30/2007 7:40:34 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 2/18/2004 1:55:28 PM | Attr = ]
hpztsb10.exe -> %System32%\spool\drivers\w32x86\3\hpztsb10.exe -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 3/4/2004 11:46:24 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 8/27/2003 12:00:12 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
mcupdmgr.exe -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 8/21/2003 7:06:56 PM | Attr = ]
mcvsescn.exe -> %ProgramFiles%\McAfee.com\VSO\McVSEscn.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 30 | Size = 417849 bytes | Modified Date = 4/28/2004 6:55:12 PM | Attr = ]
mcvsftsn.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsftsn.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 20 | Size = 221184 bytes | Modified Date = 9/29/2003 4:38:16 PM | Attr = ]
mcvsrte.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 8/8/2003 7:04:38 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 163840 bytes | Modified Date = 8/17/2003 10:50:34 PM | Attr = ]
mpbtn.exe -> %ProgramFiles%\3com\Connection Assistant\bin\mpbtn.exe -> Motive Communications, Inc. [Ver = 4.03.02.10.20020320_180000 | Size = 176128 bytes | Modified Date = 3/21/2002 3:44:46 PM | Attr = ]
nintendowfcreg.exe -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [Ver = 1, 0, 0, 31 | Size = 1073152 bytes | Modified Date = 12/15/2005 4:28:36 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 77824 bytes | Modified Date = 11/17/2003 2:33:00 PM | Attr = ]
psiservice.exe -> %System32%\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2025 | Size = 895160 bytes | Modified Date = 7/26/2006 1:32:22 AM | Attr = ]
shellmon.exe -> %ProgramFiles%\America Online 9.0a\shellmon.exe -> America Online, Inc. [Ver = 9.02.000 | Size = 54872 bytes | Modified Date = 7/12/2005 1:17:50 AM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 7:50:10 PM | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 5/30/2003 1:42:22 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 5/29/2003 8:28:32 PM | Attr = ]
thguard.exe -> %ProgramFiles%\TrojanHunter 4.5\THGuard.exe -> Mischel Internet Security [Ver = 4.5.0.275 | Size = 1120256 bytes | Modified Date = 5/31/2006 7:52:04 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 11:27:44 AM | Attr = ]
waol.exe -> %ProgramFiles%\America Online 9.0a\waol.exe -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 7/12/2005 1:17:52 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
wintab32.exe -> %System32%\wintab32.exe -> [Ver = | Size = 122880 bytes | Modified Date = 5/2/2005 2:59:32 PM | Attr = ]
wpctrl.exe -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 694008 bytes | Modified Date = 10/4/2004 4:59:54 PM | Attr = ]
wtxpload.exe -> %SystemRoot%\Acecad\wtxpload.exe -> GATI [Ver = 1.03 | Size = 57344 bytes | Modified Date = 5/1/2005 12:14:28 AM | Attr = ]
xpoint32.exe -> %SystemRoot%\Acecad\xpoint32.exe -> GATI [Ver = 1.00.01.012 | Size = 125952 bytes | Modified Date = 5/1/2005 12:42:32 AM | Attr = ]
zpoint32.exe -> %System32%\zpoint32.exe -> ACE CAD Enterprise Co., Ltd. [Ver = 2, 0, 0, 0 | Size = 20480 bytes | Modified Date = 7/4/2002 2:49:48 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 7/19/2005 3:15:12 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:36 AM | Attr = R ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 6/30/2007 7:40:34 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Portrait Displays\forteManager\dtsrvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 10/4/2004 5:18:30 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 8/30/2004 7:54:10 AM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 8 | Size = 245760 bytes | Modified Date = 8/21/2003 7:06:56 PM | Attr = ]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 106496 bytes | Modified Date = 8/8/2003 7:04:38 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 77824 bytes | Modified Date = 11/17/2003 2:33:00 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\Pacsptisvr.exe -> [Ver = 1, 0, 0, 1 | Size = 65625 bytes | Modified Date = 12/9/2003 6:38:14 AM | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %System32%\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 11/2/2006 8:40:12 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2025 | Size = 895160 bytes | Modified Date = 7/26/2006 1:32:22 AM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 7:50:10 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\Sptisrv.exe -> Sony Corporation [Ver = 3.4.00.12090 | Size = 65622 bytes | Modified Date = 12/9/2003 6:32:58 AM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 11:27:44 AM | Attr = ]
(Wintab32) NexTab [Win32_Own | Auto | Running] -> %System32%\wintab32.exe -> [Ver = | Size = 122880 bytes | Modified Date = 5/2/2005 2:59:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acecad.Wtxpload -> %SystemRoot%\Acecad\wtxpload.exe -> GATI [Ver = 1.03 | Size = 57344 bytes | Modified Date = 5/1/2005 12:14:28 AM | Attr = ]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:38 AM | Attr = R ]
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1128451242\EE\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 2/18/2004 1:55:28 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb10.exe -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 3/4/2004 11:46:24 AM | Attr = ]
KernelFaultCheck -> -> File not found
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 10 | Size = 245760 bytes | Modified Date = 8/27/2003 12:00:12 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 3, 0, 7 | Size = 180224 bytes | Modified Date = 8/21/2003 7:10:50 PM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 2:50:42 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 3022848 bytes | Modified Date = 11/17/2003 2:33:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 49152 bytes | Modified Date = 11/17/2003 2:33:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 753664 bytes | Modified Date = 11/17/2003 2:33:00 PM | Attr = ]
PivotSoftware -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 694008 bytes | Modified Date = 10/4/2004 4:59:54 PM | Attr = ]
Pure Networks Port Magic -> %ProgramFiles%\Pure Networks\Port Magic\PortAOL.exe -> Pure Networks, Inc. [Ver = 1.2.1393.0 | Size = 99480 bytes | Modified Date = 4/5/2004 5:33:54 PM | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 25 | Size = 585728 bytes | Modified Date = 5/30/2003 1:42:22 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 5/29/2003 8:28:32 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
THGuard -> %ProgramFiles%\TrojanHunter 4.5\THGuard.exe -> Mischel Internet Security [Ver = 4.5.0.275 | Size = 1120256 bytes | Modified Date = 5/31/2006 7:52:04 PM | Attr = ]
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 163840 bytes | Modified Date = 8/17/2003 10:50:34 PM | Attr = ]
VSOCheckTask -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 12 | Size = 122880 bytes | Modified Date = 8/8/2003 7:02:10 PM | Attr = ]
ZPOINT32 -> %System32%\zpoint32.exe -> ACE CAD Enterprise Co., Ltd. [Ver = 2, 0, 0, 0 | Size = 20480 bytes | Modified Date = 7/4/2002 2:49:48 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOL Fast Start -> %ProgramFiles%\America Online 9.0a\aol.exe -> America Online, Inc. [Ver = 9.02.000 | Size = 50776 bytes | Modified Date = 7/12/2005 1:17:44 AM | Attr = ]
Spyware Doctor -> -> File not found
WebCamRT.exe -> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\3Com Connection Assistant.lnk -> %ProgramFiles%\3com\Connection Assistant\bin\matcli.exe -> Motive Communications, Inc. [Ver = 4.03.02.10.20020320_180000 | Size = 208896 bytes | Modified Date = 3/20/2002 6:30:44 PM | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 10/14/2003 2:11:40 AM | Attr = ]
%AllUsersStartup%\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [Ver = 1, 0, 0, 31 | Size = 1073152 bytes | Modified Date = 12/15/2005 4:28:36 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Justin W\Start Menu\Programs\Startup ->
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:36 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 6/30/2007 7:40:34 AM | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:58 PM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WgaLogon -> Reg Data - Value does not exist -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ÿ
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{9CFEDDAB-0C7E-1033-1014-040326030001} -> "C:\Program Files\Common Files\{9CFEDDAB-0C7E-1033-1014-040326030001}\Update.exe" mc-110-12-0000103 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (0 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://ie.search.msn.com ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://ytmnd.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:02 PM | Attr = R ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2069 | Size = 803048 bytes | Modified Date = 5/5/2006 1:55:04 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2281 | Size = 839920 bytes | Modified Date = 5/5/2006 1:56:36 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/29/2004 2:00:40 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/29/2004 2:00:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> Networks Associates Technology, Inc [Ver = 8, 0, 0, 15 | Size = 114743 bytes | Modified Date = 8/18/2003 12:19:32 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [&Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 1, 7, 1 | Size = 272983 bytes | Modified Date = 1/7/2004 2:32:12 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{23DB9785-B649-45CD-B942-35C6BF47607E} [HKLM] -> %SystemDrive%\DOCUME~1\JUSTIN~1\APPLIC~1\stfbpcrglj.dll [prsssstrcho] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [&Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 1, 7, 1 | Size = 272983 bytes | Modified Date = 1/7/2004 2:32:12 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %CommonProgramFiles%\aolcoach\en_en\player\plugin\toolbar.dll\SEARCH.HTM -> File not found
Yahoo! Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 609 bytes | Modified Date = 4/9/2003 6:51:48 PM | Attr = ]
Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 598 bytes | Modified Date = 4/9/2003 6:47:56 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
{80D22A9F-93CD-6639-A16C-0039211E56D6} -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1C72ACB9-9492-484C-8C4D-B96B28AB2FD7} -> (RCA USB Cable Modem) ->
{26EF2EB3-3937-44E2-99FC-EE17530F5A0E} -> (3Com Gigabit LOM (3C940)) ->
{F2BDAF9D-4F68-4FBD-AF8D-76051AE912BE} -> () ->
{F6D026ED-74C8-4CCA-ACE2-F082BB764323} -> (Nintendo Wi-Fi USB Connector) ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 8:38:40 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00000161-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab ->
{00000162-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wma9dmo.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shoc ... tor/sw.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Fac ... loader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 7678009259 ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
ActiveGS.cab -> - CodeBase = http://www.virtualapple.org/activegs.cab ->
DirectAnimation Java Classes -> - CodeBase = ->
Microsoft XML Parser for Java -> - CodeBase = ->

[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/22/2007 3:42:24 PM | Attr = HS]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1064, 0 | Size = 904048 bytes | Created Date = 7/1/2007 6:11:06 AM | Attr = ]
virtualcontrol -> %SystemDrive%\virtualcontrol -> [Folder | Created Date = 6/30/2007 6:39:40 AM | Attr = ]
tmtdla3z.dll -> %SystemRoot%\tmtdla3z.dll -> [Ver = | Size = 1 bytes | Created Date = 6/24/2007 1:39:37 AM | Attr = ]
alobutton.ocx -> %System32%\alobutton.ocx -> Alo Soft [Ver = 1.00 | Size = 98304 bytes | Created Date = 6/24/2007 1:39:36 AM | Attr = ]
AloFrame.ocx -> %System32%\AloFrame.ocx -> http://www.alosoft.com [Ver = 1.00 | Size = 53248 bytes | Created Date = 6/24/2007 1:39:37 AM | Attr = ]
Aloprogress.ocx -> %System32%\Aloprogress.ocx -> Alo Soft [Ver = 1.00 | Size = 61440 bytes | Created Date = 6/24/2007 1:39:36 AM | Attr = ]
ISUSPM.cpl -> %System32%\ISUSPM.cpl -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 73728 bytes | Created Date = 6/21/2007 10:17:20 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/4/2007 2:29:26 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/4/2007 2:29:26 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/4/2007 2:29:26 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 7/1/2007 2:51:59 AM | Attr = ]
lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 237568 bytes | Created Date = 6/24/2007 1:39:51 AM | Attr = ]
maaa.dll -> %System32%\maaa.dll -> NCT Company Ltd. [Ver = 2,5,5,539 | Size = 1843200 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maab.dll -> %System32%\maab.dll -> NCT Company Ltd. [Ver = 2,5,5,252 | Size = 315392 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maac.dll -> %System32%\maac.dll -> NCT Company Ltd. [Ver = 2,5,1,104 | Size = 335872 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maad.dll -> %System32%\maad.dll -> NCT Company Ltd. [Ver = 2,5,7,346 | Size = 729088 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maae.dll -> %System32%\maae.dll -> NCT [Ver = 2,6,2,92 | Size = 835584 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maaf.dll -> %System32%\maaf.dll -> NCT Company Ltd. [Ver = 2,5,5,183 | Size = 311296 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maag.dll -> %System32%\maag.dll -> NCT Company Ltd. [Ver = 2,4,1,113 | Size = 196608 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maah.dll -> %System32%\maah.dll -> NCT Company Ltd. [Ver = 2,6,2,247 | Size = 1040384 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]
maai.dll -> %System32%\maai.dll -> NCT Company Ltd. [Ver = 2,5,4,173 | Size = 450560 bytes | Created Date = 6/24/2007 1:39:53 AM | Attr = ]
shareet.ocx -> %System32%\shareet.ocx -> ???? ??? ???? [Ver = 1.01 | Size = 65536 bytes | Created Date = 6/24/2007 1:39:36 AM | Attr = ]
wavdest.ax -> %System32%\wavdest.ax -> [Ver = | Size = 40960 bytes | Created Date = 6/24/2007 1:39:52 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Modified Date = 7/1/2007 3:49:26 AM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/23/2007 1:41:14 AM | Attr = HS]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1064, 0 | Size = 904048 bytes | Modified Date = 7/1/2007 7:11:08 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/1/2007 6:46:30 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/1/2007 3:48:46 AM | Attr = HS]
unzipped -> %SystemDrive%\unzipped -> [Folder | Modified Date = 6/21/2007 9:43:06 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 57847 bytes | Modified Date = 7/1/2007 8:10:38 AM | Attr = ]
virtualcontrol -> %SystemDrive%\virtualcontrol -> [Folder | Modified Date = 6/30/2007 7:39:42 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/1/2007 7:09:40 AM | Attr = ]
AudACM.ini -> %SystemRoot%\AudACM.ini -> [Ver = | Size = 56 bytes | Modified Date = 6/23/2007 4:10:52 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/1/2007 7:49:54 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/1/2007 3:52:02 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/30/2007 9:32:04 AM | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/1/2007 3:52:00 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/22/2007 4:42:44 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 7/1/2007 3:52:00 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/1/2007 8:11:12 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/1/2007 3:37:42 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 7/1/2007 3:49:26 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 7/1/2007 3:52:00 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/1/2007 7:51:06 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/1/2007 7:50:14 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1159 bytes | Modified Date = 7/1/2007 8:10:38 AM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 192 bytes | Modified Date = 6/24/2007 3:02:48 AM | Attr = ]
WINTAB.INI -> %SystemRoot%\WINTAB.INI -> [Ver = | Size = 745 bytes | Modified Date = 7/1/2007 7:49:54 AM | Attr = ]
McAfee.com Update Check (JUSTIN-Justin W).job -> %SystemRoot%\tasks\McAfee.com Update Check (JUSTIN-Justin W).job -> [Ver = | Size = 500 bytes | Modified Date = 7/1/2007 8:11:02 AM | Attr = ]
McAfee.com Update Check (JUSTIN-user).job -> %SystemRoot%\tasks\McAfee.com Update Check (JUSTIN-user).job -> [Ver = | Size = 492 bytes | Modified Date = 7/1/2007 8:10:00 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/1/2007 7:49:56 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 7/1/2007 7:53:56 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 6/30/2007 7:36:50 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/30/2007 7:36:50 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 264616 bytes | Modified Date = 6/30/2007 7:17:16 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 7/1/2007 3:52:00 AM | Attr = ]
lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 237568 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maaa.dll -> %System32%\maaa.dll -> NCT Company Ltd. [Ver = 2,5,5,539 | Size = 1843200 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maab.dll -> %System32%\maab.dll -> NCT Company Ltd. [Ver = 2,5,5,252 | Size = 315392 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maac.dll -> %System32%\maac.dll -> NCT Company Ltd. [Ver = 2,5,1,104 | Size = 335872 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maad.dll -> %System32%\maad.dll -> NCT Company Ltd. [Ver = 2,5,7,346 | Size = 729088 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maae.dll -> %System32%\maae.dll -> NCT [Ver = 2,6,2,92 | Size = 835584 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maaf.dll -> %System32%\maaf.dll -> NCT Company Ltd. [Ver = 2,5,5,183 | Size = 311296 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maag.dll -> %System32%\maag.dll -> NCT Company Ltd. [Ver = 2,4,1,113 | Size = 196608 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maah.dll -> %System32%\maah.dll -> NCT Company Ltd. [Ver = 2,6,2,247 | Size = 1040384 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
maai.dll -> %System32%\maai.dll -> NCT Company Ltd. [Ver = 2,5,4,173 | Size = 450560 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 7/1/2007 3:48:46 AM | Attr = ]
wavdest.ax -> %System32%\wavdest.ax -> [Ver = | Size = 40960 bytes | Modified Date = 6/24/2007 2:39:54 AM | Attr = ]
winitn.dll -> %System32%\winitn.dll -> [Ver = | Size = 35 bytes | Modified Date = 6/24/2007 2:40:08 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 7/1/2007 7:53:54 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 432 bytes | Modified Date = 7/1/2007 7:50:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\DAE.dll -> Digidesign, Inc. [Ver = 5.0.1.471 R2 | Size = 2019389 bytes | Modified Date = 12/15/2000 11:21:14 AM | Attr = ]
WSUD , -> %System32%\DAE.dll.rsr -> [Ver = | Size = 447777 bytes | Modified Date = 12/15/2000 3:10:44 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.1 | Size = 740442 bytes | Modified Date = 5/11/2007 12:37:16 AM | Attr = ]
PTech , abetterinternet.com , ad-w-a-r-e.com , -> %System32%\ie-ads-uninst.reg -> [Ver = | Size = 1212765 bytes | Modified Date = 11/11/2004 4:11:48 PM | Attr = ]
PTech , abetterinternet.com , ad-w-a-r-e.com , -> %System32%\ie-ads.reg -> [Ver = | Size = 1247943 bytes | Modified Date = 11/11/2004 4:13:04 PM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corp. [Ver = 1.5.0512.0 | Size = 550120 bytes | Modified Date = 2/14/2006 10:20:14 AM | Attr = ]
UPX! , UPX0 , -> %System32%\realmrec.dll -> MarineCat [Ver = 2, 3, 9, 0 | Size = 79360 bytes | Modified Date = 10/27/2004 6:22:06 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]

< End of report >
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Unread postby askey127 » July 1st, 2007, 9:04 am

Your log looks OK.
-----------------------------------------------------------
Peer to Peer File Sharing
Please note that as long as you're using any form of Peer-to-Peer networking (Ares, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here: http://p2p.malwareremoval.com/
Regardless of the program used, the practice of file-sharing is very unsafe for the health of your PC.

You have a lot of files from the ALO Audio Editor on your system, but as far as I can tell, they are not harmful.

As a final check, let's try to run a different Rootkit detector:
-----------------------------------------------------------
AVG Anti-Rootkit
  • Download AVG Anti Rootkit© by Grisoft and save it to your desktop.
  • Double-click on AVG_AntiRootkit.exe to run it.
  • Click I Agree to agree to the EULA.
  • By default it will install to "C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta"
  • Click Next to begin the installation, then click Install.
  • It will then ask you to reboot now to finish the installation.
  • Click Finish and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the Perform in-depth search button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the Save result to file button.
  • Save the scan results to your desktop.
  • Copy and Paste the scan results here.

Unread postby JustinW » July 1st, 2007, 10:14 pm

It just said "no rootkits found", and the option to save the log was grayed out.

Unread postby askey127 » July 2nd, 2007, 6:21 am

Your log looks Ok.
------------------------------------------------------------
Update Your Windows XP.
You should update your Windows XP to SP2, NOW. This fixes a large number of security holes in your system.
It is a very large download, and is not feasible with Dial-Up. If you are on Dial-up, order the CD from the site below. For updating with Firefox:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=EF6EA470-D51C-4BE5-A15B-74430E9E2AD4&displaylang=en

It is absolutely vital that you get this done, or you will have trouble often.
After it's installed, set Automatic updates.
We will be glad to check out your PC after SP2 is installed, to be sure everything went according to plan.

askey127

Unread postby JustinW » July 2nd, 2007, 8:57 am

Thank you so much, everything seems to be in order.

I saw that there was also a Service Pack 3, should I install that as well?

Unread postby askey127 » July 2nd, 2007, 10:23 am

If you read about that, you will see that it is just speculation about a possible future pack, but not in fact a reality at this time.
SP2 will be fine.

Unread postby NonSuch » July 13th, 2007, 5:05 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California