DDS (Ver_09-05-14.01) - NTFSx86
Run by Helaman at 9:11:15.00 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.967 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Invisible Browsing\servers\IBService.exe
D:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
D:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
D:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
D:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\Program Files\Registry Mechanic\RegMech.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\VCOM\PowerDesk\pddlghlp.exe
D:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
D:\Program Files\ACD Systems\ImageFox\ImageFox.exe
D:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Webshots\webshots.scr
D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\TEMP\VRT47.tmp
svchost.exe C:\WINDOWS\TEMP\VRT49.tmp
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
M:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.yahoo.com/uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - No File
BHO: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] d:\program files\registry mechanic\RegMech.exe /H
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] d:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [InvisibleBrowsing] d:\program files\invisible browsing\InvisibleBrowsing.exe
mRun: [ISTray] "d:\program files\spyware doctor\pctsTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Secure AntiVirus Pro] c:\windows\AV.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\dialog~1.lnk - d:\program files\vcom\powerdesk\pddlghlp.exe
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\dragon~1.lnk - d:\program files\nuance\naturallyspeaking9\program\natspeak.exe
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\imagefox.lnk - d:\program files\acd systems\imagefox\ImageFox.exe
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\wordwe~1.lnk - d:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\helaman\startm~1\programs\startup\yahoo!~1.lnk - d:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - d:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu -
file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\program files\micros~1\office11\EXCEL.EXE/3000
IE: Fill Forms -
file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open using &Advanced JPEG Compressor - d:\advanced jpeg compressor\ajcieex.htm
IE: RoboForm Toolbar -
file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms -
file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\program files\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - d:\program files\qualcomm\eudora\EuShlExt.dll
SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
LSA: Authentication Packages = msv1_0 relog_ap