
Please Review Hi Logfile


  • This topic is locked
10 replies to this topic

#1 BobJRT


Posted 28 August 2006 - 01:42 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:57:55 AM, on 8/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\desk95.exe
C:\WINDOWS\system32\Viewport.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\trueplay.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerepublic.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Progra~1\REGSHAVE\REGSHAVE.EXE" /autorun
O4 - HKLM\..\Run: [RCScheduleCheck] "C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE" -CHECK
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1107231104\EE\AOLHostManager.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [HydraVisionViewport] Viewport.exe
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [washindex] "C:\Program Files\Washer\washidx.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [Washer] "C:\Program Files\Washer\washer.exe" /0
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [finalbid.exe] "C:\PROGRA~1\VCOM\FINALB~1\finalbid.exe" /minimize
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~2.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [washindex] "C:\Program Files\Washer\washidx.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Program Files\VCOM\Final Bid\finalbid.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Program Files\VCOM\Final Bid\finalbid.exe (HKCU)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://www.freerepublic.com
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl...22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {556DDE36-E951-11D1-A708-000000521958} - http://www.xblock.com/members/files/xcleaner_full_setup.cab
O16 - DPF: {611CF77F-F7F5-4EA1-B979-667671326B4C} (MarketTrader - ETrade v243a) - http://etrade.bridge.com/etgmt_prd/java/gmtb_etrade_i.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149883427043
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6F07CA40-1983-11D6-B8FA-00C04F5E375A} (Global MarketTrade - ETrade package) - http://etrade.bridge.com/etgmt_backup/java/gmt_etrade_i.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.rightalk.com/webcam/AxisCamControl.ocx
O16 - DPF: {C0288443-26C2-11D6-B8FA-00C04F5E375A} (Global MarketTrader - Bridge package) - http://etrade.bridge.com/etgmt_backup/java/gmt_bridge_i.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://paychexevents.webex.com/client/v_my...ing/ieatgpc.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {E93A06EF-ABD8-4FA5-96BF-968614B08531} (MarketTrader - Reuters v243b) - http://etrade.bridge.com/etgmt_prd/java/gmtb_bridge_i.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Logitech - (no file)
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Winkai - Sygate Technologies, Inc. - (no file)



#2 OldTimer

Malware Expert

Posted 04 September 2006 - 02:39 PM

Hello BobJRT and welcome to the BC HijackThis forum. The only things I see in the log are a few items with missing files. What program is saying that these infections are present and where are they located?

Let's try an Ewido scan and see what it picks up. First download ewido anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 BobJRT


Posted 10 September 2006 - 01:49 PM

Oldtimer,

Thanks for the help. I have several virus/spyware programs and they all come up with a different virus that keep regenerating themselves. Spy Sweeper says I have "CWS_analyzeie", Adware Away says I have "MSMSGSRV" and System suite says I have "trojbytever" in various incarnations (A,B, AC, etc.).

The only operational problem I seem to have is intermittent web access. I will be able to access web pages for 3 minutes, then it goes down for three minutes, etc. over and over. It's like having stop signs on the freeway every 100 feet. Note: I still have web access. A file I have running at the time will continue to run, for example, if I'm listening to some music or video or downloading a file, it continues to run. I can continuously ping a site and it shows no interruption or delays.

At first I thought I had some spyware that shut down website access while it was trying to access a site. However, I can see no correlation in my firewall traffic logbook.

I'm lost.

Bob

#4 BobJRT


Posted 10 September 2006 - 01:58 PM

BTW - I also run Spybot and AdWatch and they show nothing.

#5 OldTimer


Posted 10 September 2006 - 08:17 PM

Hi BobJRT. Can you post the Ewido log back here?

Thanks.

OT

#6 BobJRT


Posted 11 September 2006 - 06:30 PM

I ran everything just as you outlined, including checking the "reports" box, but after I ran it, it did not generate a report... weird.

It did say I had "adware.lpend".

#7 OldTimer


Posted 14 September 2006 - 06:13 PM

Hi BobJRT. Ok, let's try this.

WinPFind2 - Simple Report

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT

#8 BobJRT


Posted 16 September 2006 - 02:54 AM

Thanks OT.

Logfile created on: 09/16/2006 00:51
WinPFind2 by OldTimer - Version 1.0.9 Folder = C:\Documents and Settings\Bob Johnson\Desktop\WinPFind2\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)


< Processes (Non-Microsoft Only) >
c:\program files\lavasoft\ad-aware se plus\ad-watch.exe - (Lavasoft Sweden )
c:\program files\common files\aol\acs\aolacsd.exe - (America Online )
c:\program files\common files\aol\1107231104\ee\aolsoftware.exe - (America Online, Inc. )
c:\program files\common files\aol\1107231104\ee\aolsoftware.exe - (America Online, Inc. )
c:\program files\common files\aol\1107231104\ee\services\antispywareapp\ver2_0_27_1\aolsp scheduler.exe - ( )
c:\program files\common files\aol\topspeed\2.0\aoltpspd.exe - (America Online Inc )
c:\program files\common files\aol\topspeed\2.0\aoltsmon.exe - (America Online, Inc )
c:\windows\system32\atiptaxx.exe - (ATI Technologies, Inc. )
c:\program files\broadjump\client foundation\cfd.exe - (BroadJump, Inc. )
c:\windows\system32\desk95.exe - (ATI Technologies Inc. )
c:\documents and settings\bob johnson\desktop\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
c:\program files\expertcity\gotomypc\g2comm.exe - (Citrix Online )
c:\program files\expertcity\gotomypc\g2pre.exe - (Citrix Online )
c:\program files\expertcity\gotomypc\g2svc.exe - (Citrix Online )
c:\program files\expertcity\gotomypc\g2tray.exe - (Citrix Online )
c:\documents and settings\bob johnson\desktop\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\windows\mixer.exe - (C-Media Electronic Inc. (www.cmedia.com.tw) )
c:\progra~1\vcom\system~1\mxtask.exe - (Avanquest Publishing USA, Inc. )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\common files\epson\ebapi\sagent2.exe - (SEIKO EPSON CORPORATION )
c:\program files\webroot\spy sweeper\spysweeper.exe - (Webroot Software, Inc. )
c:\program files\webroot\spy sweeper\spysweeperui.exe - (Webroot Software, Inc. )
c:\program files\webroot\spy sweeper\ssu.exe - ( )
c:\program files\real\realplayer\trueplay.exe - (RealNetworks, Inc. )
c:\program files\real\realplayer\trueplay.exe - (RealNetworks, Inc. )
c:\windows\system32\viewport.exe - (ATI Technologies Inc. )
c:\windows\wanmpsvc.exe - (America Online, Inc. )
c:\program files\washer\washer.exe - ( )
c:\documents and settings\bob johnson\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Search Bar - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.msn.com/
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Local Page - C:\WINDOWS\SYSTEM\blank.htm
HKCU->Main\\Start Page - http://www.freerepublic.com/
HKCU->Main\\Search Bar - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\System32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - <local>

[>> BHO's <<]

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))

[HKCU-> Internet Explorer Bars]
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINDOWS\system32\shell32.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar = C:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll (GTek Technologies Ltd. )
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx ( )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 - Sun Java Console
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - 8194 - Reg Data missing or invalid
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8195 - AOL Toolbar
{866875B8-9855-48f8-BAAB-8002C325BE69} - 8192 - Reg Data missing or invalid
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8196 - PartyPoker.com
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 - Messenger
NextId - 8198

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc. )
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - ButtonText: Travelaxe = C:\Program Files\Travelaxe\Travelaxe.exe (Travelaxe, Inc. )
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - ButtonText: AOL Toolbar = Reg Data missing or invalid (File not found))
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = Reg Data missing or invalid (File not found))
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = Reg Data missing or invalid (File not found))
CmdMapping - MenuText: Reg Data missing or invalid = Reg Data missing or invalid (File not found))

[HKCU-> Internet Explorer Menu Extensions]
&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found))
+ Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm (File not found))
+ Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm (File not found))

[HKLM-> Internet Explorer Plugins]
.avi - QuickTime Plug-in 7.0.4 = C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll (Apple Computer, Inc. )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{19F500E0-9964-11cf-B63D-08002B317C03} - Desktop Icon Layout = Layout.dll (Microsoft )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found))
{4705BB42-4535-4459-9CC6-9A36CB9392B7} - StealthRay = Reg Data missing or invalid (File not found))
{5E44E225-A408-11CF-B581-008029601108} - Adaptec DirectCD Shell Extension = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll (Roxio )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc. )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{C56C4E21-706D-11d0-AFC5-444553540002} - My Digital Camera = C:\Program Files\Common Files\FotoNation\camview.dll (FotoNation Inc. )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Bob Johnson\Desktop\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
* - Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (Avanquest Publishing USA, Inc. )
* - PowerDesk Menu - {26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\VCOM\PowerDesk\pdshext.dll (V Communications, Inc. )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
AllFilesystemObjects - SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc. )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Bob Johnson\Desktop\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (Avanquest Publishing USA, Inc. )
Directory - PowerDesk Menu - {26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\VCOM\PowerDesk\pdshext.dll (V Communications, Inc. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - IconLayout - {19F500E0-9964-11cf-B63D-08002B317C03} = C:\WINDOWS\SYSTEM32\Layout.dll (Microsoft )
Folder - SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc. )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\!ewido - "C:\Documents and Settings\Bob Johnson\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online )
HKLM->Run\\AtiPTA - atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\BJCFD - C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc. )
HKLM->Run\\C-Media Mixer - Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw) )
HKLM->Run\\EM_EXEC - c:\logitech\mouse\system\em_exec.exe (Logitech Inc. )
HKLM->Run\\GoToMyPC - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon (Citrix Online )
HKLM->Run\\HostManager - C:\Program Files\Common Files\AOL\1107231104\EE\AOLHostManager.exe (America Online, Inc. )
HKLM->Run\\HydraVisionDesktopManager - desk95.exe (ATI Technologies Inc. )
HKLM->Run\\HydraVisionViewport - Viewport.exe (ATI Technologies Inc. )
HKLM->Run\\Ink Monitor - C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\LoadQM - loadqm.exe (Microsoft Corporation )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RCScheduleCheck - C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK (imagine LAN, Inc. )
HKLM->Run\\REGSHAVE - C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun (FUJI PHOTO FILM CO., LTD. )
HKLM->Run\\Synchronization Manager - mobsync.exe /logon (Microsoft Corporation )
HKLM->Run\\SystemTray - SysTray.Exe (Microsoft Corporation )
HKLM->Run\\tgcmd - "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf (SupportSoft, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->RunServicesOnce\\washindex - C:\Program Files\Washer\washidx.exe ( )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->RunOnce\\washindex - C:\Program Files\Washer\washidx.exe ( )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINDOWS\system32\NETSHELL.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Documents and Settings\Bob Johnson\Desktop\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{a5780613-492e-4a2a-a7fd-549610edf6cc} - HookRC Class = C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ( )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]
Session Manager\\PendingFileRenameOperations -

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpReg\LoadQM - LoadQM = loadqm.exe (Microsoft Corporation )
StartUpReg\NAV Agent - NAV Agent = Reg Data missing or invalid (File not found))
StartUpReg\PlaxoUpdate - PlaxoUpdate = Reg Data missing or invalid (File not found))
StartUpReg\SSC_UserPrompt - SSC_UserPrompt = Reg Data missing or invalid (File not found))
StartUpReg\Synchronization Manager - Synchronization Manager = mobsync.exe /logon (Microsoft Corporation )

[>> User Agent Post Platform <<]
DigExt -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found))
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\WRNotifier - WRLogonNTF.dll (Webroot Software, Inc. )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{54A1D5AF-211B-4411-BC1B-C7F936C746F1} - (Intel® PRO/100 VE Network Connection)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000002 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000003 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000004 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000005 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000006 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000007 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000008 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000009 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000010 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000011 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000023 - CC:\Program Files\VCOM\SystemSuite\MxAVLsp.dll (Avanquest Publishing USA, Inc. )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
mctp - (File not found))
msdaipp - (File not found))
vnd.ms.radio - C:\WINDOWS\System32\msdxm.ocx ( )

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
AOL Connectivity Service (AOL ACS) - "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (America Online ) [Automatic - Running - Win32, running in it's own process]
AOL TopSpeed Monitor (AOL TopSpeedMonitor) - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc ) [Automatic - Running - Win32, running in it's own process]
EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION ) [Automatic - Running - Win32, running in it's own process]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Documents and Settings\Bob Johnson\Desktop\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
GoToMyPC (GoToMyPC) - "C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (Citrix Online ) [Automatic - Running - Win32, running in it's own process]
iPodService (iPodService) - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
SystemSuite Task Manager (SystemSuite Task Manager) - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe -Service (Avanquest Publishing USA, Inc. ) [Automatic - Running - Win32, running in it's own process]
WAN Miniport (ATW) Service (WANMiniportService) - "C:\WINDOWS\wanmpsvc.exe" (America Online, Inc. ) [Automatic - Running - Win32, running in it's own process]
Webroot Spy Sweeper Engine (WebrootSpySweeperService) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" (Webroot Software, Inc. ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Bob Johnson\Start Menu\Programs\StartUp

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [Rename]
Wininit.ini: Line 2 - NUL=C:\DOCUME~1\BOBJOH~1\LOCALS~1\History\History.IE5\index.dat

Miscellaneous Folders

AllUsers ApplicationData Folder

CurrentUser ApplicationData Folder
C:\Documents and Settings\Bob Johnson\Application Data\$_hpcst$.hpc - ( [Ver = | Size = 2508 bytes | Date = 04/27/2006 16:18 | Attr = ])
C:\Documents and Settings\Bob Johnson\Application Data\AdobeDLM.log - ( [Ver = | Size = 1554 bytes | Date = 08/04/2005 15:47 | Attr = ])
C:\Documents and Settings\Bob Johnson\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 08/04/2005 15:47 | Attr = ])
C:\Documents and Settings\Bob Johnson\Application Data\mpauth.dat - ( [Ver = | Size = 784 bytes | Date = 12/21/2002 10:33 | Attr = ])

Program Files Folder
C:\Program Files\aaw6.exe - ( [Ver = | Size = 1760378 bytes | Date = 03/08/2004 13:42 | Attr = ])
C:\Program Files\aaw6plus.exe - ( [Ver = | Size = 2336899 bytes | Date = 03/08/2004 13:52 | Attr = ])
C:\Program Files\Acrobat Pro 6.0.exe - ( [Ver = | Size = 180886574 bytes | Date = 08/25/2004 11:45 | Attr = ])
C:\Program Files\acwizard.exe - (Microsoft Corporation [Ver = 5.50.4134.600 | Size = 6104336 bytes | Date = 04/16/2004 20:48 | Attr = ])
C:\Program Files\AdwareAway.exe - ( [Ver = | Size = 2225520 bytes | Date = 08/13/2006 22:32 | Attr = ])
C:\Program Files\AGCEClientSetup.exe - ( [Ver = | Size = 3818492 bytes | Date = 02/01/2005 11:11 | Attr = ])
C:\Program Files\aplpia.html - ( [Ver = | Size = 8345 bytes | Date = 02/22/2005 20:52 | Attr = ])
C:\Program Files\bcdp7.exe - ( [Ver = | Size = 2517771 bytes | Date = 01/13/2004 22:26 | Attr = ])
C:\Program Files\blonde_0021_4.mpeg - ( [Ver = | Size = 1269764 bytes | Date = 11/08/2005 19:15 | Attr = ])
C:\Program Files\blonde_0048_4.mpeg - ( [Ver = | Size = 1269764 bytes | Date = 11/08/2005 19:14 | Attr = ])
C:\Program Files\cs606.exe - (Corex Technologies Corporation [Ver = 6.0 | Size = 45286088 bytes | Date = 07/05/2004 23:09 | Attr = ])
C:\Program Files\custo20t.exe - ( [Ver = | Size = 1299923 bytes | Date = 08/17/2004 14:05 | Attr = ])
C:\Program Files\desktop.ini - ( [Ver = | Size = 305 bytes | Date = 05/07/2007 18:48 | Attr = H ])
C:\Program Files\DivX521XP2K.exe - ( [Ver = | Size = 7741336 bytes | Date = 04/02/2005 02:31 | Attr = ])
C:\Program Files\etradePro.exe - (Etrade [Ver = 1.00.000 | Size = 6592423 bytes | Date = 11/02/2004 08:19 | Attr = ])
C:\Program Files\EZAntivirus.exe - (Computer Associates International, Inc. [Ver = 7.0.5.3 | Size = 4399136 bytes | Date = 11/08/2005 16:55 | Attr = ])
C:\Program Files\FinalBid251.exe - (V Communications, Inc. [Ver = 2.51 | Size = 5466411 bytes | Date = 04/15/2005 16:01 | Attr = ])
C:\Program Files\fms_on_cd_v40a_sp3a.exe - ( [Ver = | Size = 705128 bytes | Date = 06/14/2003 19:36 | Attr = ])
C:\Program Files\folder.htt - ( [Ver = | Size = 21952 bytes | Date = 05/07/2007 18:46 | Attr = H ])
C:\Program Files\ftna4-07-07-04.wmv - ( [Ver = | Size = 681484 bytes | Date = 09/09/2004 11:37 | Attr = ])
C:\Program Files\GLD009-TT-007.wmv - ( [Ver = | Size = 628820 bytes | Date = 11/08/2005 19:16 | Attr = ])
C:\Program Files\hijackthis.zip - ( [Ver = | Size = 212849 bytes | Date = 08/28/2006 10:57 | Attr = ])
C:\Program Files\i600_UpgradeTool.exe - ( [Ver = 1, 0, 0, 1 | Size = 2248704 bytes | Date = 04/26/2005 13:22 | Attr = ])
C:\Program Files\ie6setup.exe - (Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 491768 bytes | Date = 12/15/2005 13:36 | Attr = ])
C:\Program Files\ir.exe - ( [Ver = | Size = 343005 bytes | Date = 05/24/2005 02:31 | Attr = ])
C:\Program Files\iTunesSetup.exe - (Apple Computer, Inc. [Ver = 6.0.3.5 | Size = 36526792 bytes | Date = 02/19/2006 11:57 | Attr = ])
C:\Program Files\iview392.exe - ( [Ver = | Size = 870912 bytes | Date = 09/05/2004 13:02 | Attr = ])
C:\Program Files\j2re-1_3_1_05-windows-i586.exe - (JavaSoft [Ver = 1.3.1 | Size = 5467654 bytes | Date = 11/30/2004 15:13 | Attr = ])
C:\Program Files\j2sdk-1_3_1_05-windows-i586.exe - (Sun Microsystems [Ver = 1.3.1 | Size = 33004332 bytes | Date = 11/09/2004 14:24 | Attr = ])
C:\Program Files\messenger.exe - ( [Ver = | Size = 4134520 bytes | Date = 01/12/2004 09:21 | Attr = ])
C:\Program Files\MPSetup.exe - (Microsoft Corporation [Ver = 9.00.00.2980 | Size = 13951112 bytes | Date = 03/01/2004 09:25 | Attr = ])
C:\Program Files\opsetup.exe - (MetaProducts corp. [Ver = 3.3.0.1758 | Size = 2203156 bytes | Date = 08/17/2004 14:59 | Attr = ])
C:\Program Files\readme.htm - ( [Ver = | Size = 40797 bytes | Date = 03/20/2000 11:41 | Attr = ])
C:\Program Files\reality_0030_1.mpeg - ( [Ver = | Size = 1269764 bytes | Date = 11/08/2005 19:33 | Attr = ])
C:\Program Files\reality_0030_3.mpeg - ( [Ver = | Size = 1269764 bytes | Date = 11/08/2005 19:33 | Attr = ])
C:\Program Files\reality_0030_4.mpeg - ( [Ver = | Size = 1269764 bytes | Date = 11/08/2005 19:32 | Attr = ])
C:\Program Files\RSBJInstall.EXE - ( [Ver = | Size = 2288568 bytes | Date = 04/15/2004 18:30 | Attr = ])
C:\Program Files\setup.exe - ( [Ver = | Size = 35400 bytes | Date = 03/10/2003 12:21 | Attr = R ])
C:\Program Files\setupactivesync.exe - ( [Ver = | Size = 35400 bytes | Date = 03/10/2003 12:21 | Attr = R ])
C:\Program Files\sp3express.exe - ( [Ver = 1.16 | Size = 635384 bytes | Date = 12/15/2005 13:47 | Attr = ])
C:\Program Files\SP4express_EN.exe - ( [Ver = 1.16 | Size = 602688 bytes | Date = 12/15/2005 13:47 | Attr = ])
C:\Program Files\spybotsd12.exe - ( [Ver = | Size = 3684032 bytes | Date = 10/06/2003 18:34 | Attr = ])
C:\Program Files\sspsetup3815_1882291390.exe - (Webroot Software, Inc. [Ver = 5.0.7.1608 | Size = 10698768 bytes | Date = 08/24/2006 12:53 | Attr = ])
C:\Program Files\STSetup.exe - ( [Ver = | Size = 7559964 bytes | Date = 08/17/2004 14:13 | Attr = ])
C:\Program Files\sysclean.com - ( [Ver = | Size = 2470661 bytes | Date = 01/07/2005 22:49 | Attr = ])
C:\Program Files\sysclean.exe - ( [Ver = | Size = 86016 bytes | Date = 08/14/2006 12:07 | Attr = ])
C:\Program Files\SystemSuite5.exe - (V Communications, Inc. [Ver = 5.0.3.3 | Size = 59918617 bytes | Date = 12/16/2004 14:55 | Attr = ])
C:\Program Files\txtsetup.oem - ( [Ver = | Size = 5145 bytes | Date = 03/20/2000 11:36 | Attr = ])
C:\Program Files\vcodec_ver3.292.exe - ( [Ver = | Size = 26320 bytes | Date = 12/22/2005 14:48 | Attr = ])
C:\Program Files\vid.htm - ( [Ver = | Size = 3937 bytes | Date = 11/08/2005 19:17 | Attr = ])
C:\Program Files\view_px.exe - (Paychex, Inc. [Ver = 7, 2, 2, 2 | Size = 1056031 bytes | Date = 11/09/2004 14:47 | Attr = ])
C:\Program Files\VirtualBouncerUninstall.exe - ( [Ver = 0.00.0001 | Size = 122880 bytes | Date = 03/11/2004 09:39 | Attr = ])
C:\Program Files\w2kdsk1 - ( [Ver = | Size = 31 bytes | Date = 03/02/2000 17:30 | Attr = ])
C:\Program Files\w2k_v100b_pci_drvs.exe - ( [Ver = | Size = 255020 bytes | Date = 06/14/2003 19:25 | Attr = ])
C:\Program Files\WGAPluginInstall.exe - (Microsoft® Corporation [Ver = 1.4.0395.0 | Size = 459024 bytes | Date = 12/15/2005 13:46 | Attr = ])
C:\Program Files\winamp521_full_emusic-7plus.exe - (Nullsoft, Inc. [Ver = 5.2.1.497 | Size = 5616888 bytes | Date = 05/16/2006 10:30 | Attr = ])
C:\Program Files\wintaskdemo.exe - (TaskWare [Ver = 3.2.0000 | Size = 9469008 bytes | Date = 08/12/2006 16:19 | Attr = ])
C:\Program Files\WM2003_i600.img - ( [Ver = | Size = 24576040 bytes | Date = 04/26/2005 13:28 | Attr = ])

Common Files Folder

DPF files
{0000000A-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
{00000161-0000-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab
{01113300-3E00-11D2-8470-0060089874ED} - Support.com Configuration Class - CodeBase = http://activation.rr.com/install/download/tgctlcm.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0713E8D2-850A-101B-AFC0-4210102A8DA7} - Microsoft ProgressBar Control, version 5.0 (SP2) - CodeBase = http://bin.mcafee.com/molbin/Shared/ComCtl...22/ComCtl32.cab
{0C568603-D79D-11D2-87A7-00C04FF158BB} - BrowseFolderPopup Class - CodeBase = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - DjVuCtl Class - CodeBase = http://downloadcenter.samsung.com/content/...trolLite_EN.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2B323CD9-50E3-11D3-9466-00A0C9700498} - Yahoo! Audio Conferencing - CodeBase = http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - AOL Content Update - CodeBase = http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
{40289096-9F72-4A04-BCB3-E434ECDCEE33} - AppDLCtrl Class - CodeBase = http://download.howudodat.com/chatterbox/download/appdl.cab
{41564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
{41F17733-B041-4099-A042-B518BB6A408C} - - CodeBase = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab
{556DDE35-E955-11D0-A707-000000521957} - - CodeBase = http://www.xblock.com/download/xclean_micro.exe
{556DDE36-E951-11D1-A708-000000521958} - - CodeBase = http://www.xblock.com/members/files/xcleaner_full_setup.cab
{611CF77F-F7F5-4EA1-B979-667671326B4C} - MarketTrader - ETrade v243a - CodeBase = http://etrade.bridge.com/etgmt_prd/java/gmtb_etrade_i.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1149883427043
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} - Housecall ActiveX 6.5 - CodeBase = http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
{6F07CA40-1983-11D6-B8FA-00C04F5E375A} - Global MarketTrade - ETrade package - CodeBase = http://etrade.bridge.com/etgmt_backup/java/gmt_etrade_i.cab
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} - - CodeBase = http://www.rightalk.com/webcam/AxisCamControl.ocx
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8485.4621759259
{C0288443-26C2-11D6-B8FA-00C04F5E375A} - Global MarketTrader - Bridge package - CodeBase = http://etrade.bridge.com/etgmt_backup/java/gmt_bridge_i.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CEBC955E-58AF-11D2-A30A-00A0C903492B} - - CodeBase = http://windowsupdate.microsoft.com/R989/V3...en/actsetup.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - - CodeBase = https://paychexevents.webex.com/client/v_my...ing/ieatgpc.cab
{E19F9331-3110-11d4-991C-005004D3B3DB} - Java Plug-in 1.3.0_02 - CodeBase = http://java.sun.com/products/plugin/1.3.0_...-130_02-win.cab
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - - CodeBase = http://download.abacast.com/download/files/abasetup152.cab
{E93A06EF-ABD8-4FA5-96BF-968614B08531} - MarketTrader - Reuters v243b - CodeBase = http://etrade.bridge.com/etgmt_prd/java/gmtb_bridge_i.cab
ConferenceRoom Java Client - - CodeBase = http://chat.privatefeeds.com:8000/java/cr.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Internet Explorer Classes for Java - - CodeBase = file://C:\WINDOWS\SYSTEM\iejava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Yahoo! Chat - - CodeBase = http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Hosts file = 27 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\\UpgradedFrom - 271
Desktop\General -
Desktop\General\\TileWallpaper - 1
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper -
Desktop\General\\BackupWallpaper -
Desktop\General\\WallpaperFileTime - 00 00 00 00 00 00 00 00
Desktop\General\\ComponentsPositioned - 1
Desktop\General\\WallpaperLocalFileTime - 00 28 A1 53 C5 FF FF FF
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 3
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 12/07/1999 05:00 | Attr = RH ])
C:\WINDOWS\tasks\RegCure.job - ( [Ver = | Size = 384 bytes | Date = 09/07/2006 03:00 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/15/2006 23:13 | Attr = H ])
C:\WINDOWS\tasks\Scheduled Checkpoint.job - ( [Ver = | Size = 324 bytes | Date = 09/15/2006 23:11 | Attr = ])
C:\WINDOWS\tasks\Tune-up Application Start.job - ( [Ver = | Size = 502 bytes | Date = 09/06/2006 23:00 | Attr = ])
C:\WINDOWS\tasks\wrSpySweeper_73786BDC6747476EA39E1C9329B86E01.job - ( [Ver = | Size = 1290 bytes | Date = 09/11/2006 23:00 | Attr = ])
C:\WINDOWS\tasks\wrSpySweeper_9DAE52602FD844AFB67CD66B0A44D803.job - ( [Ver = | Size = 1290 bytes | Date = 09/16/2006 00:00 | Attr = ])
C:\WINDOWS\tasks\wrSpySweeper_9F05280BA35847668A946BE1D09D1CAF.job - ( [Ver = | Size = 1290 bytes | Date = 09/11/2006 23:00 | Attr = ])
C:\WINDOWS\tasks\XoftSpy.job - ( [Ver = | Size = 312 bytes | Date = 08/14/2006 14:41 | Attr = ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\ActiveDesktop\AdminComponent -
policies\Explorer -
policies\Explorer\Run -
policies\Network -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\Ratings -
policies\Ratings\\Key - 9B 9F 00 BC 48 A2 63 AD 35 A8 C5 ED 8C 5E 25 60
policies\Ratings\\FileName0 - C:\WINDOWS\System32\RSACi.rat
policies\Ratings\.Default -
policies\Ratings\.Default\\Allow_Unknowns - 0
policies\Ratings\.Default\\PleaseMom - 1
policies\Ratings\.Default\\Enabled - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html -
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\l - 4
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\n - 4
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\s - 4
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\v - 4
policies\Ratings\PICSRules -
policies\Ratings\PICSRules\.Default -
policies\Ratings\PICSRules\.Default\\NumSys - 0
policies\Ratings\PICSRules\.Default\0 -
policies\Ratings\PICSRules\.Default\0\\dwFlags - 0
policies\Ratings\PICSRules\.Default\0\\errLine - 0
policies\Ratings\PICSRules\.Default\0\PRPolicy -
policies\Ratings\PICSRules\.Default\0\PRPolicy\\PRNumPolicy - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\0 -
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\\PRPPolicyAttribute - 2
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub -
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\\PRNumURLExpressions - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0 -
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUInternetPattern - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUNonWild - 13
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUSpecified - 31
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUScheme - http
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUHost - www.freerepublic.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUPort - 80
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUUrl - http://www.freerepublic.com
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 149
policies\Explorer\\CDRAutoRun - 0
policies\System -
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run not found. -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun -

#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:02:40 PM

Posted 16 September 2006 - 09:17 AM

Hi BobJRT. I do not see anything suspicious in the WinPFind2 report. Most of the scanning software looks at things differently and draws different conclusions. Some can be valid and some can be false positives.

Post back with some examples of what these various programs are finding (file names and locations). Depending on what the files are and where they are found it might just be a matter of cleaning out the temp folders or restore points.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#10 BobJRT

BobJRT
  • Topic Starter

  • Members
  • 6 posts
  • Local time:11:40 AM

Posted 16 September 2006 - 12:08 PM

OT,

I'm beginning to think I may have a problem with my Network card and not a virus. THANKS FOR YOUR HELP!

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:02:40 PM

Posted 17 September 2006 - 11:58 AM

You are welcome BobJRT. That being the case, the Hardware forum can assist in checking out the card. I will now close this topic. If you need it reopened, please PM me. If you have any future malware questions or issues please start a new topic.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
